I'm currently having an intense problem. I can't seem to be able to create individual sessions for my clients who are using my servlet.

The key point of my servlet is that it provides a Diffie-Hellman key exchange to individual sessions. That is working as intended; however, when another user concurrently pushes the add token button, the previous values that were generated will be overwritten, so my server is limited to serving only one person at a time.

How do I create multiple sessions for my clients using my Diffie-Hellman servlet? Thanks in advance.

Below is my code snippet.

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {

        HttpSession session = request.getSession(false);
        if (null == request.getRequestedSessionId())
        {
            //create new session
            System.out.println("No session id found , generating a new session ID");
            session = request.getSession(true);
            System.out.println("session id generated is "+session.getId());
            @SuppressWarnings("deprecation")
            String encodedURL = response.encodeUrl("/MyServletProject/DHServlet");
            System.out.println("res.encodeURL(\"/DHServlet\");="+encodedURL);
            response.sendRedirect(encodedURL);
            return;
        } else
        {
            System.out.println("session id = "+request.getRequestedSessionId());
            System.out.println("no redirect required");
        }

        processRequest(request,response);
    }

My Diffie-Hellman key exchange:

    protected void processRequest(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        response.setContentType("text/html;charset=UTF-8");
        PrintWriter out = response.getWriter();
        // PrintWriter out2=response.getWriter();
        DH getDH = new DH();

        try {
            System.out.println("Session id requested is "+request.getRequestedSessionId());

            // Group parameters: safe prime p and generator g
            long pValue = getDH.getSafePrime();
            long gValue = getDH.getGenValue(pValue);

            System.out.println("pValue is "+pValue);
            System.out.println("gValue is "+gValue);

            // Server secret key
            long serverSK = getDH.generateSKA();

            BigInteger safePrimeValue = BigInteger.valueOf(pValue);
            BigInteger generatorValue = BigInteger.valueOf(gValue);

            System.out.println("the safe Prime is "+safePrimeValue);
            System.out.println("the generator value is "+generatorValue);

            // Server public key derived from g, p and the secret key
            BigInteger serverPK = getDH.generatePkB(generatorValue, safePrimeValue, serverSK);
            // System.out.println(publicKeyFromClient);

            String getTimeOnServer = Time.getTime();
            String SPValue = safePrimeValue.toString();
            String genValue = generatorValue.toString();
            String sPublicKey = serverPK.toString();
            // long pkFromClient = Long.parseLong(publicKeyFromClient);
            //BigInteger pkC = BigInteger.valueOf(pkFromClient);

            System.out.println("the server public key is "+sPublicKey);

            // Response format: 1:<server time>:<generator>:<safe prime>:<server public key>
            out.print("1"+":"+getTimeOnServer+":"+genValue+":"+SPValue+":"+sPublicKey);

            // pkClient, SpValue and sCValue are not declared in this method: they are
            // fields of the servlet (declarations not shown), written on every request.
            pkClient=sPublicKey.toString();
            SpValue = SPValue.toString();
            sCValue=Long.toString(serverSK);

        } finally {
            out.close();
        }
    }
Clearner88
  • law of servlet: every new user is a new session – Srinath Ganesh Aug 25 '13 at 05:38
  • simply doing request.getSession(true); and letting the container manage session fetch/create is better, because parameter true will create new only if required or create it. – Srinath Ganesh Aug 25 '13 at 05:46
  • then is there any way to get the values of the previous session? – Clearner88 Aug 25 '13 at 05:46
  • to get a dead session's values? not on par with the purpose of a session! try a cookie instead (cookie for anything related to the field of security is bad), you could think about application scoped variables (variables reset/lost on server restart) – Srinath Ganesh Aug 25 '13 at 05:49
  • I have tried request.getSession(true) as you have said, every new user is a new session. My Diffie-Hellman key exchange will be overwritten when another user presses the add token function – Clearner88 Aug 25 '13 at 05:50
  • try closing the browser and opening it again, check the session timeout value in web.xml, do you have logins? (session var is alive till the browser is not closed) – Srinath Ganesh Aug 25 '13 at 05:52
  • as I am using this servlet for an Android application, I have no browser to close. I will try to set the browser time out to 1 min – Clearner88 Aug 25 '13 at 05:57
  • let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/36191/discussion-between-srinath-ganesh-and-clearner88) – Srinath Ganesh Aug 25 '13 at 05:58
  • Your main problem seems to be that you have session state being saved as instance variables in your servlet. Don't do that. Get the session from the request every time you need it. The only instance state that makes sense in a servlet is stuff that is common to all sessions. – user207421 Aug 25 '13 at 12:10
  • Indeed. I believe that you're making some major conceptual mistake somewhere. It looks like you blindly dived into web development without really having learnt basic HTTP. Half of the code you have there is completely unnecessary. In servlets, *you* are not responsible for creating sessions. Container does that already automatically. Start here to learn how servlets, requests and sessions work: http://stackoverflow.com/questions/3106452/how-do-servlets-work-instantiation-session-variables-and-multithreading/3106909#3106909 – BalusC Aug 25 '13 at 13:46
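
The approach the comments describe (per-client key-exchange state kept in the `HttpSession` rather than in servlet fields), as an added example that is not part of the original thread or the asker's code. It swaps in the standard JCA Diffie-Hellman classes for the question's `DH` class and assumes the `javax.servlet` API and Java 8+; the servlet name, the attribute names and the `clientPublicKey` parameter are hypothetical.

```java
import java.io.IOException;
import java.security.*;
import java.security.spec.X509EncodedKeySpec;
import java.util.Base64;
import javax.crypto.KeyAgreement;
import javax.servlet.ServletException;
import javax.servlet.http.*;
// Hypothetical servlet: it has no per-client fields, because one instance serves all clients.
public class SessionScopedDHServlet extends HttpServlet {
    private static final String KEYS = "dh.keypair", SECRET = "dh.secret"; // hypothetical names

    // Step 1: create a key pair, store it in the caller's own session, send only the public half.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        try {
            KeyPairGenerator gen = KeyPairGenerator.getInstance("DH"); // standard JCA DH
            gen.initialize(2048);
            KeyPair keys = gen.generateKeyPair();
            req.getSession().setAttribute(KEYS, keys); // session is created on first contact
            resp.setContentType("text/plain;charset=UTF-8");
            resp.getWriter().print(Base64.getEncoder().encodeToString(keys.getPublic().getEncoded()));
        } catch (GeneralSecurityException e) {
            throw new ServletException("DH key generation failed", e);
        }
    }

    // Step 2: a later request in the same session completes the exchange.
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession(false);
        KeyPair keys = session == null ? null : (KeyPair) session.getAttribute(KEYS);
        String clientKey = req.getParameter("clientPublicKey"); // hypothetical parameter
        if (keys == null || clientKey == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "no key exchange in progress");
            return;
        }
        try {
            PublicKey peer = KeyFactory.getInstance("DH").generatePublic(
                    new X509EncodedKeySpec(Base64.getDecoder().decode(clientKey)));
            KeyAgreement agreement = KeyAgreement.getInstance("DH");
            agreement.init(keys.getPrivate());
            agreement.doPhase(peer, true);
            session.setAttribute(SECRET, agreement.generateSecret()); // raw secret: run a KDF before use
            session.removeAttribute(KEYS); // the ephemeral private key is no longer needed
        } catch (GeneralSecurityException | IllegalArgumentException e) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST, "invalid client public key");
        }
    }
}
```

A non-browser client such as the Android application mentioned above has to send the session cookie back on the second request, otherwise the container treats it as a new client and `doPost` finds no key pair.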

0 Answers