File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes About Session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "About Session" Watch "About Session" New topic
Author

About Session

Liang Anmian
Ranch Hand

Joined: Jun 25, 2004
Posts: 119
Hi, I created the following simple JSP for testing:



Before running the JSP, I intentionally disabled cookies in my Firefox browser. Now, when I get to the page, I mouse-over the link, and yes, I can see the session ID. Now I refresh the page (by using refresh, not by clicking on the link, by the way, the link simply links to itself), and the session ID changes! But, if I clicked the link instead of refreshing the window, the session ID remains constant.

What is happening?
[ July 30, 2005: Message edited by: Liang Anmian ]

Current Status:<br /> <br />SCJP 1.4<br />SCJD (in progress)
kapil munjal
Ranch Hand

Joined: May 11, 2004
Posts: 298
Liang,

When you try to access the url for the first time...session is enabled on the server side and the url is rewritten to accomodate sessions even if cookies are disabled. <C:url> is used to rewrite the url so even if cookies are disabled, then session is alive with the help of "jsessionid".


Kapil Munjal
SCJP 1.4, SCWCD 1.4
Mat Williams
Ranch Hand

Joined: Jul 20, 2005
Posts: 215
Hi Liang,

When you first request the page <c:url> encodes a session id into the url so that if cookies are disabled you can still maintain a session. When you hover you mouse over the url you see this sessionid.

When you click on the link in the browser the session is maintained by the backend so the sessionid does not change, hence when you hover you mouse over it again it is the same sessionid.

However when you refresh the page you are sending a new request - that is your browser is saying give me this requested page without supplying any details about a session that it may or may not be involved in, and since you have turned off cookies the only way the server has to tell if you are part of a session is the url you type in. Therefore the server says hey I don't have a sessionid for this request (it wasn't in the url you typed in) but the <c:url> tag wants one so it creates a session for this request and gives the <c:url> tag its id. At this point your server has 2 sessions one that was lost and will eventually time out (form your first request) and this new one from the second request.

Hope this explains whats happening.

Matthew
Mat Williams
Ranch Hand

Joined: Jul 20, 2005
Posts: 215
Hi Liang,

I was thinking about your post and realised that an easy way for you to test/see what is happening is to create a HttpSessionListener.

If you do that and get it to write something to a log


this will show you when a new session is created and what the id for the session is

HTH

Mat
kapil munjal
Ranch Hand

Joined: May 11, 2004
Posts: 298
Matt,

a very nice way to find out whats happening when the same page is refreshed.

 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: About Session