Java Reference
In-Depth Information
To remove an attribute when it's no longer needed, call
removeAttribute(
String
)
with
its name as the argument. This method does not return
null
if the attribute does not
exist; instead, it simply does nothing.
All three methods throw
IllegalStateException
exceptions if the session is no longer
valid. This can occur if the session was deleted by the server before the request was
made, some kind of error prevented sessions from being maintained, or similar reasons.
Today's next project uses sessions to track whether a user has provided login information
to the servlet yet, as shown in Figure 21.3.
FIGURE 21.3
Using servlets to
log in users.
A servlet that's used to log in a user, authenticating that the person has a valid username
and password, can be loaded under three different circumstances:
The servlet is run before the user logs in. A form must be provided so that the user
can provide a username and password.
n
The servlet is run to log in. The username and password provided by the user must
be authenticated in some manner, presumably by checking a database.
n
The servlet is run after a user logs in.
n
To know what has happened before, which is necessary in all these circumstances, ses-
sions are used.
The
LoginServlet
program handles user logins with three session attributes: username,
password, and
loggedIn
, a
Boolean
object that is
true
when the user has logged in and
false
otherwise. The source code is shown in Listing 21.3.
