You pause to consider the fact that the user might leave and return to the info.jsp page many times during the session. As the code now stands, every time the user returns, the page creates a new recordset and assigns values to session variables. This is a waste of server resources. You want to create the recordset and session variables only once for the session.

You decide to code the page in such a way as to create a new recordset only if the session variables are not defined (that is, only when the user first logs in). If the session variables already exist, then the server skips the code that creates the recordset and session variables.

Here's the pseudo-code that would accomplish this task:

IF the session variables have not been defined yet THEN
	generate the recordset
	copy the values into the session variables
END IF

Here's the same logic expressed as a JSP scriptlet:

<% if (session.getAttribute("lastname") == null){ %>
	<% /* code generating recordset */%>
	<% /* code copying data into session variables */ %>
<% } %>

In the UltraDev Code view, you enter the following JSP scriptlet just before the existing code block that generates the recordset:

<% if (session.getAttribute("slname") == null){ %>

This line tells the server: "If the value of the slname session variable has not been defined yet, create a recordset and copy the values into the session variables. Otherwise, don't."

After adding some explanatory comments and the scriptlet, this part of the page's code looks as follows:

The code block that follows the conditional statement creates the recordset and session variables. It's executed only if the session variable slname has not been defined—that is, the user has not logged in, or the session has timed out.

Next, you enter the following scriptlet immediately following the code block assigning values to the session variables: :

<% } %>

This line tells the server: "OK, that's the end of the code block creating the recordset and session variables."

After adding some explanatory comments and the scriptlet, this part of the page looks as follows:

There is one more detail: When UltraDev creates a recordset, it inserts the following housecleaning code at the end of the HTML source code:

<%
rsOwner.close();
ConnrsOwner.close();
%>

This scriptlet frees up server resources by removing the recordset from memory and closing the database connection. However, the scriptlet will produce a JSP error if no recordset has been created—that is, if the server skipped the conditional code block above.

The solution is to move the scriptlet inside the conditional block so that it only runs if the recordset is created. You can move this scriptlet above the HTML code because you won't be using the recordset in any of the HTML.

You place the housecleaning scriptlet after the session variable assignments at the end of the conditional code block, as follows.

A colleague thinks he's spotted a weakness in your code. What happens if the user tries to open the info.jsp page after the session has timed out? Because the session variables are no longer defined, the code you added will attempt to create a new recordset. However, the MM_Username session variable in your SQL statement has also ceased to exist. Won't this produce an error?

You explain that it wouldn't get that far. If the user's session times out, then the user won't be able to access the info.jsp page because a session variable is also used to restrict access to the page. Without a valid session variable identifying the authenticated user, the UltraDev server behavior that restricts access to the page would automatically forward the user to the Login page. For more information on the behavior, see Arrow Aircraft 4: Restricting access to the site.