Cincom

Using Session Variables for the J2EE Logon Page


Now that we have determined that cookies won't work for our logon process, we will substitute session variables for cookies. This will also allow us to do more things with the application.

This lesson will demonstrate how to pull data from an HTML form and compare it to data residing in a file. If the login is unsuccessful, we will give the employee the opportunity to log in again. If the login is successful, we will redirect the employee to a welcome page and, using session variables, remember who they are when they get there. The validation will be done using a servlet.

1. If VisualWorks is not already running, please start running it now, load the Web Toolkit parcel and start a Wave HTTP server. You should also file in the code from Toyz Inc J1 and make sure the initialize method of the Filestuff class sets the correct location of the directory variable (i.e. the directory that contains the 3 data files).

2. Start with the file logon1.htm. Change the ACTION attribute for the FORM tag from servlet/ServletVerify1 to servlet/ServletVerify2. Save the file as logon2.htm.

3. The servlet ServletVerify2 will be exactly the same as ServletVerify1 except that we will use session variables instead of cookies, and we will redirect to different pages. Below is the code that will do this.

doPost: aRequest response: aResponse
    "Check the submitted logon form against the employee data, then redirect."
    | firstName lastName passWord goodLogin employees mySession |
    firstName := aRequest anyFormValueAt: 'firstName'.
    lastName := aRequest anyFormValueAt: 'lastName'.
    passWord := aRequest anyFormValueAt: 'passWord'.

    goodLogin := 'NO'.
    employees := (Toyz new) getEmployees.
    employees do:
        [ :each |
        (passWord = each number) ifTrue:
            [
            (lastName = each lastName) ifTrue:
                [
                (firstName = each firstName) ifTrue:
                    [
                    "All three fields match: remember the employee in the session."
                    goodLogin := 'YES'.
                    mySession := aRequest session.
                    mySession setAttribute: 'signon' to: each.
                    ].
                ].
            ].
        ].

    (goodLogin = 'YES')
        ifTrue: [ aResponse redirectTo: '/teach/main2.ssp'. ]
        ifFalse: [ aResponse redirectTo: '/teach/logon2.htm'.].

Let's look at this code (what's new) line by line (or chunk by chunk) and make sure you understand what each line (or chunk) does.

    mySession := aRequest session.

This line creates a session object named mySession. We use the aRequest parameter that was passed to this method to create the session variable. Servlets can do this as part of the HttpServlet class.

    mySession setAttribute: 'signon' to: each.

Here we assign a name (signon) to the value we store in the session so that it can be accessed from an SSP page. In this session we place an instance of our Employee class (each), which is the iteration variable of our Employee collection.

4. Start with the file main1.ssp. Change the "cookie" logic to "session" logic and save this file as main2.ssp. A sample file would look like the following (the more interesting sections of the file have been highlighted):

<html>
<head>
<title>Toyz Inc. Home Page</title>
<link rel="stylesheet" type="text/css" href="toyzinc.css">
</head>
<body bgcolor=white>
<center>
<hr width="75%" size=4>
<table border=0 cellpadding=2 cellspacing=2 width=75% bgcolor=#FFFFFF>
<tr>
<td width="40%" align=right>
<img src=images/toyzinc.gif>
</td>
<td width="50%" align=left>
<h3>
Toyz Inc.
<br>
Employee
<br>
Accreditation &
<br>
Course
<br>
History
</h3>
</td>
</tr>
</table>
<hr width="75%" size=4>

<%
signon := session at: 'signon' ifPresent:
    [ :signon |
    response write: ('<h3>Hello ', signon firstName,'</h3>').
    ].
session at: 'signon' ifAbsent:
    [
    response write: '<h3>Your session has timed out. Please login again.</h3>'.
    ].
%>

<h4>Welcome to the TEACH home page</h4>
</center>
</body>
</html>

Here are 2 very handy methods of the session object.

If the employee did not successfully sign on, then the line of code in our servlet that creates the session variable would not have been executed. Therefore, the session variable would not exist and would be "absent". The ifAbsent: method checks for that and expects a code block as its parameter. Since this is a failed login attempt, the code block asks the user to log in again. Also, session variables have a default "lifespan" of 20 minutes. If you sit idle on a page for longer than 20 minutes, the session variable will time out and no longer exist.

If the employee did successfully sign on, then the line of code in our servlet that creates the session variable did execute and the session variable would exist. The ifPresent: method checks for that and expects, as a parameter, a code block that takes the session variable as its argument, much like the iteration variable of a collection. In this case, we can use the firstName method to welcome the employee to our home page.

5. At this point, feel free to test your logon process.


Figure 1. A successful login to the TEACH system

6. From the System Browser, <Operate-Click> the category of ToyzInc and select File Out As.... Enter ToyzInc_j2.st as the filename.
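
The sample main2.ssp from step 4 writes its welcome markup whether or not the signon attribute exists, so a visitor who opens the page directly still sees the page body. The following variant is an added example, not part of the original tutorial: it redirects when the attribute is absent and writes all employee-facing content only inside ifPresent:. It assumes the SSP response object understands redirectTo: the way aResponse does in ServletVerify2; the block argument name employee is chosen here.

```smalltalk
<%
"Added example: gate the page on the 'signon' session attribute."
"Assumption: the SSP 'response' object accepts redirectTo:, as aResponse"
"does in the servlet. The guard runs before any markup is written."
session at: 'signon' ifAbsent:
    [
    "Never logged on, or the session timed out: back to the logon form."
    response redirectTo: '/teach/logon2.htm'.
    ].
%>
<html>
<head>
<title>Toyz Inc. Home Page</title>
<link rel="stylesheet" type="text/css" href="toyzinc.css">
</head>
<body bgcolor=white>
<center>
<%
"The rest of the page may still be evaluated after the redirect is set,"
"so nothing meant for a signed-on employee is written outside this block."
session at: 'signon' ifPresent:
    [ :employee |
    response write: ('<h3>Hello ', employee firstName, '</h3>').
    response write: '<h4>Welcome to the TEACH home page</h4>'.
    ].
%>
</center>
</body>
</html>
```

Every page that should be reachable only after logon needs the same guard, because the servlet's redirect to logon2.htm only covers requests that pass through ServletVerify2.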

Congratulations! Phase 2 of the logon process is complete.

Aside from substituting "cookie" logic with "session" logic, we did not do that much. However, we have laid the groundwork for a lot more functionality in our application, which we'll get to next.

You now should be able to:
Create session variables in a servlet
Test for the presence/absence of session variables
Use session variables like objects
