This is my first attempt at writing a servlet. I'm trying to create a simple login page that directs users to their account page where they can update their account details and such. However I'm getting the feeling that I'm not doing this right. Do I really need to use HttpSession here? If so, what should I be using it for besides storing their account name?
Also, how should I go about redirecting users who have edited their account details back to their account page?
public class Main extends HttpServlet { public void doGet (HttpServletRequest r1, HttpServletResponse r2) throws IOException, ServletException { r2.setContentType ("text/html"); PrintWriter p = r2.getWriter (); String sqluser = "root", sqlpass = "password"; String account, password, request; request = r1.getParameter ("request"); p.println ("<head>"); p.println ("<title>Main</title>"); p.println ("</head>"); p.println ("<body>"); p.println ("<p>"); /* user login */ if (request.equals("login")) { account = r1.getParameter ("account"); password = r1.getParameter ("password"); //search for account and password matches in sql database -> resultset res if (res.next()==true) { HttpSession session = r1.getSession(); session.setAttribute("logon.isDone", account); String firstname = res.getString("firstname"); String lastname = res.getString("lastname"); String address = res.getString("address"); String province = res.getString("province"); String city = res.getString("city"); p.println ("<h2>logged in as:</h2>"); p.println ("<b>account</b>: " +account+ "<br/>"); p.println ("<b>first name</b>: " +firstname+ "<br/>"); p.println ("<b>last name</b>: " +lastname+ "<br/>"); p.println ("<b>address</b>: " +address+ "<br/>"); p.println ("<b>province</b>: " +province+ "<br/>"); p.println ("<b>city</b>: " +city+ "<br/>"); p.println ("<b>session</b>: " +session.getAttribute("logon.isDone")+"-"+session.getId()+ "<br/>"); p.println ("<form action='localhost:8080/servlet/Main' method='post'>"); p.println ("<input type='hidden' name='account' value='"+account+"'>"); p.println ("<input type='hidden' name='password' value='"+password+"'>"); p.println ("<input type='hidden' name='firstname' value='"+firstname+"'>"); p.println ("<input type='hidden' name='lastname' value='"+lastname+"'>"); p.println ("<input type='hidden' name='address' value='"+address+"'>"); p.println ("<input type='hidden' name='province' value='"+province+"'>"); p.println ("<input type='hidden' name='city' value='"+city+"'>"); p.println ("<p><input type='submit' value='edit details' name='request' size='10'><input type='submit' value='edit password' name='request' size='10'></p>"); p.println ("<p><input type='submit' value='logout' name='request' size='10'></p>"); p.println ("</form>"); } else { p.println ("<h2>error: incorrect account name and/or password</h2><br/>"); } } /* logout */ else if (request.equals("logout")) { session.invalidate(); } /* send account edit form */ else if (request.equals("edit details")) { account = r1.getParameter ("account"); password = r1.getParameter ("password"); String firstname = r1.getParameter ("firstname"); String lastname = r1.getParameter ("lastname"); String address = r1.getParameter ("address"); String province = r1.getParameter ("province"); String city = r1.getParameter ("city"); p.println ("<h2>edit account details:</h2>"); p.println ("<form action='localhost:8080/servlet/Main' method='post'>"); p.println ("<input type='hidden' name='account' value='"+account+"'>"); p.println ("<input type='hidden' name='password' value='"+password+"'>"); p.println ("<p>first name: <input type='text' name='firstname' value="+firstname+" size='20' maxlength='20'></p>"); p.println ("<p>last name: <input type='text' name='lastname' value="+lastname+" size='20' maxlength='20'></p>"); p.println ("<p>address: <input type='text' name='address' value="+address+" size='20' maxlength='20'></p>"); p.println ("<p>province: <input type='text' name='province' value="+province+" size='3' maxlength='3'></p>"); p.println ("<p>city: <input type='text' name='city' value="+city+" size='20' maxlength='20'></p>"); p.println ("<p><input type='submit' value='update details' name='request' size='10'></p>"); p.println ("</form>"); } /* update account */ else if (request.equals("update details")) { account = r1.getParameter ("account"); password = r1.getParameter ("password"); String firstname = r1.getParameter ("firstname"); String lastname = r1.getParameter ("lastname"); String address = r1.getParameter ("address"); String province = r1.getParameter ("province"); String city = r1.getParameter ("city"); //update record in sql database p.println ("<h2>account details updated</h2>"); //redirect user to their account page } p.println ("</p>"); p.println ("</body>"); p.println ("</html>"); } public void doPost (HttpServletRequest r1, HttpServletResponse r2) throws ServletException, IOException { doGet (r1, r2); } }