• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

JSP session tracking

 
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi all,

I am having problems with session tracking with JSPs.

I only create one session (request.getSession(true)) and have set
the session option to false at the start of the jsp page(ie. session="false").
on subsequent jsp pages i simply retrieve the first created session (eg.
request.getSession(false)) and have set the default session="false".

hope all that makes sense

anyway the behaviour of the sessions doesn't seem consistent, and I strongly suspect that
its a browser problem rather than a program problem.

has anyone encountered similar problems ?

thanks,

J.C
 
Bartender
Posts: 1845
10
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
>anyway the behaviour of the sessions doesn't seem consistent, and I
>strongly suspect that its a browser problem rather than a program problem.

Can you be a bit more explicit about what problems you are encountering?
What makes you think sessions aren't working properly?
Are you opening multiple windows/sessions?

One thing to be aware of is that with IE, if you open a new window via File:new window, or a javascript window.open, then it shares the same session as the parent window. If you open IE from the desktop shortcut, it has its own seperate session.

I believe Firefox only has one session for all its windows/tabs.

What do you expect the session="false" in a jsp page to do? The session is still active, it just specifies that the page does not interact with it. It doesn't prevent you writing scriptlet code to access the session.

request.getSession() should always retrieve a session if one exists. The true/false argument just specifes whether to create one if one does not already exist.
 
James Clarke
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
>Can you be a bit more explicit about what problems you are encountering?
>What makes you think sessions aren't working properly?
>Are you opening multiple windows/sessions?

the thing that makes me think sessions aren't working properly is as follows:

login.jsp ---> displays link to "another.jsp"
another.jsp has a page include of "commonfile.jsp"
commonfile.jsp has code: if request.getSession(false)==null then page forward to login.jps

this works as its meant to most of the times, ie. logining in with the right details gives you a link to another.jsp and the link works fine.

but sometimes (actually way too often for a system thats meant to be secure) it just takes u back to the login.jsp if you click on the link to another.jsp.

thanks,

J.C
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Your code is only testing for the existence of a session - not that it's the same session.

Your probably better off just letting the container manage the sessions for you and test for the existence of your own object bound to session.

When the user logs in, instanciate an object ("userBean") and bind it to session. In all of your other pages retrieve the object from session and test for null.
[ August 31, 2005: Message edited by: Ben Souther ]
 
James Clarke
Ranch Hand
Posts: 148
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
> Your code is only testing for the existence of a session - not that it's > the same session.

my understanding is getSession(false) returns a session if a session has been created for this user, in addition I have included "<%@ page session="false" %>" on top of the jsp page.

so not only am I testing for an existence of a session but for the existence of a session which was created previously when the user logged in.

let me know if you don't agree though...
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
It's quite possible that I am the one who doesn't fully understand how getSession(false) works because I've never been able to get that working that way (consistently) either.

You could debug the issue with a session listener that logs the new sessionID whenever a session is created. Then tail your logs while you click through your app.
Or...
You could use the solution that I mentioned earlier. I've had good luck with it and have seen several other people use it. If you do research the issue and find an answer, please post back with your findings.

-Ben
 
Ben Souther
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Out of curiosity:
Do you have any include pages that don't have the session="false" directive?
 
And then we all jump out and yell "surprise! we got you this tiny ad!"
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic