Re: How to Retrieve Session User?
Re: How to Retrieve Session User?
- Subject: Re: How to Retrieve Session User?
- From: Chuck Hill <email@hidden>
- Date: Thu, 5 Apr 2007 09:39:58 -0700
On Apr 5, 2007, at 9:16 AM, Fred Shurtleff wrote:
Hi All,
I checked the session (using Session session = (Session) session
();) immediately B4 setting the session user and again when I
retrieved the session user, and they were, in fact, DIFFERENT. So
this explains WHY the null user(and why the KVC calls seemingly did
not work), but opens up another issue - how are multiple sessions
spawned?
Studies have shown that 98.3% of the time this can be tracked to your
bad HTML. That is why I suggested using iCab yesterday. No green,
happy face in iCab? Your HTML has a problem. Bad HTML + confused
browsers = extra requests to the application.
Another way to find this is to add this to your session class:
boolean didCreate = true;
public void awake() {
super.awake();
if (didCreate)
{
NSLog.out.appendln("Creating session for request: " +
context().request().uri());
didCreate = false;
}
}
You should be able to spot the bad URL(s) and track then back to your
bad HTML.
Chuck
I do understand the process of session ID creation and how requests
are matched with active, cached session ID's, but what I don't
understand is how my app has created >1 sessions when I am the only
user running direct under the localhost??
Also I should say that having read all the replies to my post, I
now realize there are better practices for tracking users. I was in
fact using a demo app from a WO book (WO's Developer's Guide - SAMS
Publishing, 2002), which happens to use these KVC techniques for
user tracking, which understandably can be simplified/inappropriate
for training purposes. But it is very frustrating trying to debug
this issue, and stood in the way of working the demo, which I
thought was very good from the standpoint of transversing related
EO's and performing basic database CRUD actions.
Last I just want to mention there is complete authenticate/user
tracking solution in the "Practical WebObjects Book"(Chapter 4) by
Hill & Mallais, which appears very straight-forward, flexible, and
conceptually sound to me. It even uses HTTPS to do the
authentication, and DOES NOT USE KVC techniques. :-) So I plan
to use it for user logins and site security controls.
Thanks for all your input - Fred
Ken Anderson wrote:
Fred,
I would verify that the session your setting the user on is the
same session your asking for the user. As Chuck mentioned
earlier, it's possible that you're creating sessions without
realizing it.
Ken
On Apr 4, 2007, at 8:41 PM, Fred Shurtleff wrote:
It's a typo - really 2 lines.
// set the session.user ((Session) session()).takeValueForKey
(user, "user");
Chuck Hill wrote:
On Apr 4, 2007, at 5:34 PM, Fred Shurtleff wrote:
Gino, Mark, Chuck, Mike,
I have tried all of your 'best practice' suggestions (not
Chuck's yet), and STILL have no luck. To recap, this is my setup:
Session.java (declare a user)-
protected EOEnterpriseObject user;
Main.java (fetch/authenticate, & set the user in session)-
// fetch the user
EOEnterpriseObject user = EOUtilities.objectMatchingKeyAndValue
(session().defaultEditingContext(), "User", "name", username);
// set the session.user ((Session) session()).takeValueForKey
(user, "user");
Typo or is it really commented out?
Post.java (get the user for inserting transaction)=
EOEnterpriseObject user = (EOEnterpriseObject) ((Session)
session()).valueForKey("user");
At this point (using the debug mode) the user is null!! This
seems so... basic, yet I cannot see the problem. So if you see
something awry, please shout again.
It is sort of like a magic show. If I put something in a box,
and then later open the box and the thing is not in there, how
did this happen? Answer: it is not the same box. Try this:
// fetch the user
EOEnterpriseObject user = EOUtilities.objectMatchingKeyAndValue
(session().defaultEditingContext(), "User", "name", username);
// set the session.user
((Session) session()).takeValueForKey(user, "user");
NSLog.out.appendln("Registered user in session " + session
().sessionID());
Post.java (get the user for inserting transaction)=
EOEnterpriseObject user = (EOEnterpriseObject) ((Session)
session()).valueForKey("user");
NSLog.out.appendln("Retrieved user from session " + session
().sessionID());
Now, are the IDs the same or not? If not, check your HTML for
malformed HTML. On Mac? Use the iCab browser for its easy
HTML validation.
Chuck
Now what I think Chuck & Mike is saying is the above approach
is 'taking a short cut' so-to-speak(using built-in KVC settor/
gettors), and is lacking for reasons mentioned. A better
practice is to code explicit java methods to message (get/set)
objects - a la OO Programming style.
I appreciate all your help & suggestions - Fred
Chuck Hill wrote:
Adding onto Mark's comments... KVC is for when you can't use
statically compiled Java. Using KVC instead of statically
compiled Java:
- reduces the chance of having the compiler catch your mistakes
- makes the code harder to read
- makes it harder to make naming changes
- makes you a bad person ;-)
In your session you should have:
private User loggedInUser;
public void setUser(User user) {
loggedInUser = user;
}
public User user() {
return loggedInUser;
}
And your code sample should read:
// set the session user
((Session)session()).setUser(user);
...
EOEnterpriseObject user = ((Session)session()).user();
And if it still evaluates to null, then your code is probably
creating more sessions than you realize.
Chuck
On Apr 4, 2007, at 3:58 PM, Mark Morris wrote:
Hi Fred,
KVC is certainly an integral part of WO, but much of that is
a bit behind the scenes. For instance, if you create the user
() and setUser() methods in your Session class, WO's KVC
implementation is what lets you bind session.user to a
WOString in a component. So you get the advantages, while
still getting the benefits of proper methods that Mike was
mentioning (such as some compiler error checking, easier
maintainability/internal documentation, and the ability to
put some logic in the accessor methods).
Regards,
Mark
On Apr 4, 2007, at 5:22 PM, Fred Shurtleff wrote:
Chuck,
I would welcome your comments on my KVC usage.
I was actually surprised by Mike's statement re: KVC
'funnybusiness' as I was led to believe from my readings
that KVC was a very integral part of WO. And the KVC concept
seems very straight-forward to me - what can be simpler than
takeValueForKey( value, key)? Also this is the technique I
have learned from a number of tutorials.
But then I am unable to put/get a user into the session - so
there must be something I am missing. Actually I have tried
so many ways to retrieve the user, I now think I never got
the user into the session to begin with. :-)
Chuck Hill wrote:
Listen to Mike. I was just about to write and make the
same complaint of your code. Abusing KVC is NOT your friend.
Chuck
On Apr 4, 2007, at 1:45 PM, Mike Schrag wrote:
PERSONALLY, I'd stop all this KVC funnybusiness. It has
its place and it's really powerful, but you're making your
life way obnoxious. Let Java do its job and just call
methods on things -- there are LOTS of benefits of this.
Define a proper user field on your Session class and do
setUser(..) and user() to retrieve it.
On Apr 4, 2007, at 4:40 PM, Fred Shurtleff wrote:
Mark - I understand where you are coming from, and did
try your suggestion. But I still am NOT getting a user EO
instance (I get null per the debugger).
Actually I checked the WO docs and both valueForKeyPath
AND valueForKey are valid methods of the Session class.
Problem is what is the correct syntax. The docs say
object.valueForKey(string), and your suggestion provided
the object part (ie session()) (I also tried your input +
valueForKeyPath but Eclipse complained about 'no such key
= session')
So I still am at a loss on how to retrieve a user EO from
the session. :-(
But thanks for your help/input!
Mark Morris wrote:
Hi Fred,
On Apr 4, 2007, at 3:10 PM, Fred Shurtleff wrote:
Hello,
I have a basic question on how to access the logged in
user for later use in updates. After authenticating a
user I enter him into the session, but when I later try
to retrieve this user in another page, it fails(returns
null).
So in my main page I record the user as follows:
if (_password.equals(password))
{ EOEnterpriseObject user =
EOUtilities.objectMatchingKeyAndValue(session
().defaultEditingContext(), "User", "name", username);
// set the
session.user session
().takeValueForKey(user, "user");
And on another page to add a new transaction which
needs the user relation attribute(as a foreign key):
EOEnterpriseObject user = (EOEnterpriseObject)
valueForKeyPath("session.user"); // user evals to null???
Try changing this to:
EOEnterpriseObject user = (EOEnterpriseObject)session
().valueForKey("user");
valueForKeyPath is useful, but I don't think it can do
what you're asking of it here.
purchase.addObjectToBothSidesOfRelationshipWithKey
(user, "user");
The save fails because user is a required attribute.
And I'm not sure if I am not properly storing the user
in the session, or not properly retrieving the user
from the session.
Can anyone see what I am doing wrong or suggest another
approach?
TIA
Personally, I usually make currentUser an actual
variable in Session. (Private, with public accessor
methods, of course! ;-)
Regards,
Mark
_______________________________________________
Do not post admin requests to the list. They will be
ignored.
Webobjects-dev mailing list (Webobjects-
email@hidden)
Help/Unsubscribe/Update your Subscription:
email@hidden
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-
email@hidden)
Help/Unsubscribe/Update your Subscription:
@global-village.net
This email sent to email@hidden
--Practical WebObjects - for developers who want to
increase their overall knowledge of WebObjects or who are
trying to solve specific problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-
email@hidden)
Help/Unsubscribe/Update your Subscription:
40comcast.net
This email sent to email@hidden
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (Webobjects-
email@hidden)
Help/Unsubscribe/Update your Subscription:
40onpointsoftware.com
This email sent to email@hidden
--Practical WebObjects - for developers who want to increase
their overall knowledge of WebObjects or who are trying to
solve specific problems.
http://www.global-village.net/products/practical_webobjects
--Practical WebObjects - for developers who want to increase
their overall knowledge of WebObjects or who are trying to solve
specific problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
40anderhome.com
This email sent to email@hidden
--
Practical WebObjects - for developers who want to increase their
overall knowledge of WebObjects or who are trying to solve specific
problems.
http://www.global-village.net/products/practical_webobjects
_______________________________________________
Do not post admin requests to the list. They will be ignored.
Webobjects-dev mailing list (email@hidden)
Help/Unsubscribe/Update your Subscription:
This email sent to email@hidden