Session Management

The object stores the session ID returned by OneSpan Authentication Server on login. Instances of that bean must be persistent through the user’s HTTP session. The persistence should be handled by the application server; implementing this is best practice, Java EE standard defines various mechanisms for this purpose.

There are two different methods for this implementation:

• You can encapsulate the AdministrationBean object in a stateful Enterprise Java Bean (EJB), which is supported by all major application servers. This permits the use of the bean in both servlets and JSP pages.
• Alternatively, you can use the <jsp:useBean> directive, with the scope attribute set to session. However, this solution is suitable only when integrated in JSP pages, since it does not grant access to the bean in a servlet. This method is used in the sample site.

Integrators can handle the persistence by storing the object in the Java EE session object. However, this is not recommended since it causes a lot of additional work. For more information and implementation details, refer to the Java EE specification.