Results 1 to 6 of 6
  1. #1
    DC200 is offline Member
    Join Date
    Dec 2008
    Posts
    49
    Rep Power
    0

    Default Servlets and HttpSession

    This is my first attempt at writing a servlet. I'm trying to create a simple login page that directs users to their account page where they can update their account details and such. However I'm getting the feeling that I'm not doing this right. Do I really need to use HttpSession here? If so, what should I be using it for besides storing their account name?

    Also, how should I go about redirecting users who have edited their account details back to their account page?

    Java Code:
    public class Main extends HttpServlet {
    	public void doGet (HttpServletRequest r1, HttpServletResponse r2) throws IOException, ServletException {
    		r2.setContentType ("text/html");
    		PrintWriter p = r2.getWriter ();
    		String sqluser = "root", sqlpass = "password";
    		String account, password, request;
    		request = r1.getParameter ("request");
    
    		p.println ("<head>");
    		p.println ("<title>Main</title>");
    		p.println ("</head>");
    		p.println ("<body>");
    		p.println ("<p>");
    
    		/*
    		user login
    		*/
    		if (request.equals("login")) {
    		account = r1.getParameter ("account");
    		password = r1.getParameter ("password");
    
    		//search for account and password matches in sql database -> resultset res
    
    		if (res.next()==true) {
    			HttpSession session = r1.getSession();
    			session.setAttribute("logon.isDone", account);
    
    			String firstname = res.getString("firstname");
    			String lastname = res.getString("lastname");
    			String address = res.getString("address");
    			String province = res.getString("province");
    			String city = res.getString("city");
    
    			p.println ("<h2>logged in as:</h2>");
    			p.println ("<b>account</b>: " +account+ "<br/>");
    			p.println ("<b>first name</b>: " +firstname+ "<br/>");
    			p.println ("<b>last name</b>: " +lastname+ "<br/>");
    			p.println ("<b>address</b>: " +address+ "<br/>");
    			p.println ("<b>province</b>: " +province+ "<br/>");
    			p.println ("<b>city</b>: " +city+ "<br/>");
    			p.println ("<b>session</b>: " +session.getAttribute("logon.isDone")+"-"+session.getId()+ "<br/>");
    
    			p.println ("<form action='localhost:8080/servlet/Main' method='post'>");
    			p.println ("<input type='hidden' name='account' value='"+account+"'>");
    			p.println ("<input type='hidden' name='password' value='"+password+"'>");
    			p.println ("<input type='hidden' name='firstname' value='"+firstname+"'>");
    			p.println ("<input type='hidden' name='lastname' value='"+lastname+"'>");
    			p.println ("<input type='hidden' name='address' value='"+address+"'>");
    			p.println ("<input type='hidden' name='province' value='"+province+"'>");
    			p.println ("<input type='hidden' name='city' value='"+city+"'>");
    			p.println ("<p><input type='submit' value='edit details' name='request' size='10'><input type='submit' value='edit password' name='request' size='10'></p>");
    			p.println ("<p><input type='submit' value='logout' name='request' size='10'></p>");
    			p.println ("</form>");
    			}
    			else {
    				p.println ("<h2>error: incorrect account name and/or password</h2><br/>");
    			}
    		}
    
    		/*
    		logout
    		*/
    		else if (request.equals("logout")) {
    			session.invalidate();
    		}
    
    		/*
    		send account edit form
    		*/
    		else if (request.equals("edit details")) {
    			account = r1.getParameter ("account");
    			password = r1.getParameter ("password");
    			String firstname = r1.getParameter ("firstname");
    			String lastname = r1.getParameter ("lastname");
    			String address = r1.getParameter ("address");
    			String province = r1.getParameter ("province");
    			String city = r1.getParameter ("city");
    			
    			p.println ("<h2>edit account details:</h2>");
    			p.println ("<form action='localhost:8080/servlet/Main' method='post'>");
    			p.println ("<input type='hidden' name='account' value='"+account+"'>");
    			p.println ("<input type='hidden' name='password' value='"+password+"'>");
    			p.println ("<p>first name: &nbsp; <input type='text' name='firstname' value="+firstname+" size='20' maxlength='20'></p>");
    			p.println ("<p>last name: &nbsp; <input type='text' name='lastname' value="+lastname+" size='20' maxlength='20'></p>");
    			p.println ("<p>address: &nbsp; <input type='text' name='address' value="+address+" size='20' maxlength='20'></p>");
    			p.println ("<p>province: &nbsp; <input type='text' name='province' value="+province+" size='3' maxlength='3'></p>");
    			p.println ("<p>city: &nbsp; <input type='text' name='city' value="+city+" size='20' maxlength='20'></p>");
    			p.println ("<p><input type='submit' value='update details' name='request' size='10'></p>");
    			p.println ("</form>");
    		}
    
    		/*
    		update account
    		*/
    		else if (request.equals("update details")) {
    			account = r1.getParameter ("account");
    			password = r1.getParameter ("password");
    			String firstname = r1.getParameter ("firstname");
    			String lastname = r1.getParameter ("lastname");
    			String address = r1.getParameter ("address");
    			String province = r1.getParameter ("province");
    			String city = r1.getParameter ("city");
    
    			//update record in sql database
    
    			p.println ("<h2>account details updated</h2>");
    			
    			//redirect user to their account page
    		}
    
    		p.println ("</p>");
    		p.println ("</body>");
    		p.println ("</html>");
    	}
    
    	public void doPost (HttpServletRequest r1, HttpServletResponse r2) throws ServletException, IOException {
    		doGet (r1, r2);
    	}
    }
    Last edited by DC200; 11-16-2009 at 03:49 AM.

  2. #2
    r035198x is offline Senior Member
    Join Date
    Aug 2009
    Posts
    2,388
    Rep Power
    7

    Default

    1.)Start by naming variables appropriately
    Java Code:
    public void doGet (HttpServletRequest request, HttpServletResponse response) ...
    2.) Do not write html in servlets. Use JSPs for presenting the data.
    3.) Where is res declared and initialized? Just write a separate class for the DB check and put in a method called userExists (or similar). Then all your servlet needs to do is call that method.

  3. #3
    Tolls is offline Moderator
    Join Date
    Apr 2009
    Posts
    11,863
    Rep Power
    19

    Default

    4) Do not write monster servlets. This is 4 different servlets squished into one, making it a maintenance (and reading) nightmare.

  4. #4
    DC200 is offline Member
    Join Date
    Dec 2008
    Posts
    49
    Rep Power
    0

    Default

    I will of course write separate methods to handle the DB checks and use JSP for the HTML after I get everything working properly.

    The main problems I have at the moment are 1) how to use HttpSession in for a servlet such as this, and 2) how do redirect users that have updated their record details to their account page that is currently presented to them only after they have logged in. I could force them to login again, but there must be a better way to do it.
    Last edited by DC200; 11-16-2009 at 12:16 PM.

  5. #5
    r035198x is offline Senior Member
    Join Date
    Aug 2009
    Posts
    2,388
    Rep Power
    7

    Default

    When you verify that they exist in the database, create a new session for them and store their details in the session. You can now access them on every page.

  6. #6
    DC200 is offline Member
    Join Date
    Dec 2008
    Posts
    49
    Rep Power
    0

    Default

    I'll try that, thanks.

    Tolls: I originally had another servlet to handle the registration, but for some reason thought that squishing it all into one would be better. I guess I should split it up now.

Similar Threads

  1. servlets
    By priyacvr in forum Java Servlet
    Replies: 2
    Last Post: 09-28-2009, 07:43 AM
  2. Servlets
    By javahelp00 in forum New To Java
    Replies: 1
    Last Post: 02-28-2009, 06:28 PM
  3. Security in HttpSession [Discussion]
    By mtz1406 in forum Java Servlet
    Replies: 3
    Last Post: 11-19-2008, 12:37 AM
  4. How to retrieve HttpSession from axis 2.0.
    By snooze-g in forum Advanced Java
    Replies: 0
    Last Post: 10-02-2007, 07:08 AM
  5. Servlets
    By nagaroopanandha in forum Advanced Java
    Replies: 1
    Last Post: 08-07-2007, 02:09 PM

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •