7.1 User Authentication


One way to perform session tracking is to leverage the information that comes with user authentication. We discussed user authentication back in Chapter 4, but, in case you've forgotten, it occurs when a web server restricts access to some of its resources to only those clients that log in using a recognized username and password. After the client logs in, the username is available to a servlet through getRemoteUser().

We can use the username to track a client session. Once a user has logged in, the browser remembers her username and resends the name and password as the user views new pages on the site. A servlet can identify the user through her username and thereby track her session. For example, if the user adds an item to her virtual shopping cart, that fact can be remembered (in a shared class or external database, perhaps) and used later by another servlet when the user goes to the check-out page.

For example, a servlet that utilizes user authentication might add an item to a user's shopping cart with code like the following:

    String name = req.getRemoteUser();
    if (name == null) {
      // Explain that the server administrator should protect this page
    } else {
      String[] items = req.getParameterValues("item");
      if (items != null) {
        for (int i = 0; i < items.length; i++) {
          addItemToCart(name, items[i]);
        }
      }
    }

Another servlet can then retrieve the items from a user's cart with code like this:

    String name = req.getRemoteUser();
    if (name == null) {
      // Explain that the server administrator should protect this page
    } else {
      String[] items = getItemsFromCart(name);
    }
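The two fragments above, combined into one servlet with a shared-class cart store, as an added example that is not code from the book. The class name AuthCartServlet, the MAX_ITEMS cap, the item-code pattern and the 403 response are assumptions; it compiles against the javax.servlet API.

```java
import java.io.IOException;
import java.io.PrintWriter;
import java.util.ArrayList;
import java.util.List;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

// Hypothetical servlet: carts are keyed only by the container-authenticated username.
public class AuthCartServlet extends HttpServlet {
  private static final int MAX_ITEMS = 100;  // assumed per-user cap
  // One store shared by every request thread, so access must be thread-safe.
  private static final ConcurrentHashMap<String, List<String>> CARTS = new ConcurrentHashMap<>();

  static void addItemToCart(String name, String item) {
    // "item" is client input: accept only short item codes (assumed format).
    if (item == null || !item.matches("[A-Za-z0-9_-]{1,32}")) return;
    List<String> cart = CARTS.computeIfAbsent(name, k -> new ArrayList<>());
    synchronized (cart) {
      if (cart.size() < MAX_ITEMS) cart.add(item);
    }
  }

  static String[] getItemsFromCart(String name) {
    List<String> cart = CARTS.get(name);
    if (cart == null) return new String[0];
    synchronized (cart) {
      return cart.toArray(new String[0]);
    }
  }

  @Override
  protected void doPost(HttpServletRequest req, HttpServletResponse res) throws IOException {
    String name = req.getRemoteUser();  // set by the server after login, never by a parameter
    if (name == null) {
      // The page is not protected: fail closed rather than trust a client-supplied name.
      res.sendError(HttpServletResponse.SC_FORBIDDEN, "This page must be protected by the server");
      return;
    }
    String[] items = req.getParameterValues("item");
    if (items != null) {
      for (String item : items) addItemToCart(name, item);
    }
    res.setContentType("text/plain");
    PrintWriter out = res.getWriter();
    for (String item : getItemsFromCart(name)) out.println(item);
  }
}
```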

The biggest advantage of using user authentication to perform session tracking is that it's easy to implement. Simply tell the server to protect a set of pages (following the instructions in Chapter 8), and use getRemoteUser() to identify each client. Another advantage is that the technique works even when the user accesses your site from different machines. It also works even if the user strays from your site or exits her browser before coming back.

The biggest disadvantage of user authentication is that it requires each user to register for an account and then log in each time she starts visiting your site. Most users will tolerate registering and logging in as a necessary evil when they are accessing sensitive information, but it's overkill for simple session tracking. Another downside is that HTTP's basic authentication provides no logout mechanism; the user has to exit her browser to log out. A final problem with user authentication is that a user cannot simultaneously maintain more than one session at the same site. We clearly need alternative approaches to support anonymous session tracking and to support authenticated session tracking with logout.


Last updated on 3/20/2003
Java Servlet Programming, 2nd Edition, © 2001 O'Reilly



Java servlet programming
Java Servlet Programming (Java Series)
ISBN: 0596000405
EAN: 2147483647
Year: 2000
Pages: 223
