File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Web Component Certification (SCWCD/OCPJWCD) and the fly likes Session Invalidate Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Certification » Web Component Certification (SCWCD/OCPJWCD)
Bookmark "Session Invalidate" Watch "Session Invalidate" New topic

Session Invalidate

Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
I write a code like

HttpSession session = request.getSession();

then i check the session using

...........//what to do

if the isNew() function returns true then i don't want to join the session. For that what code i have write inside the if statement?

If i use session.ivalidate() inside the if statement its throws an exception stating that its already invalidated.

My point is, this servlet is accessable only after a session is created from the loginServlet(created for login to a session).

We can invalidate a session if the client is requesting with that session id.

Please tell me how to invaldate a new session that the client does not know yet about the session?

SCJP 5.0<br />SCWCD 1.4<br />Preparing for <b>SCEA</b>.<br /><b>"I prefer an interesting vice to a virtue that bores."</b>
Marcus Green
arch rival

Joined: Sep 14, 1999
Posts: 2813
will not cause the creation of a new session but will join an existing session if one exists.

SCWCD: Online Course, 50,000+ words and 200+ questions
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Thank you Marcus Green.
What will be the output of sesson object when is use
HttpSession session = request.getSession(false);

If the request does not contain any session, what will be the value of session object? null?

See this code

The if statement is not working.It still trying to access userName and movies attribute of the invalid session object.

Please tell me, how can i check that session object is invalid?
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Marcus Green, please give a reply.
Dilshan Edirisuriya
Ranch Hand

Joined: Apr 22, 2006
Posts: 299
It has to be --> if(session != null)
Then only you can invalidate a valid session.

Dilshan Edirisuriya SCJP1.4, SCWCD1.4, SCBCD 5
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Dilshan Edirisuriya, read the topic complete then reply
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310






If i directly trying to access the ShowMovieServlet without login to a session, the if statement works, that means it dispatches the request to login.jsp.
But my problem is whenever the login.jsp page displays, i just click the back button of the browser without trying to login. Then i try to access the ShowMovieServlet again. But this time it will not dispatch the request to login.jsp again.

Why is this happen?
Biba Basnetti

Joined: Oct 09, 2006
Posts: 25
I am guessing because your session is no longer a new session the 2nd time you access the ShowMovieServlet.

The first time you access it, a new session is created and the request is dispatched to the login page:

The second time, you go to the MovieServlet in the same browser the req.getSession() probably returns your the session that was created the previous time and the session.isNew() should return false so it doesn't do the forward. Why would you check to see if someone is logged with with "if (session.isNew())"? Why not set session attribute named loggedIn to true once you authenticate in the login servlet and you can check if the user has logged in using session.getAttribute("loggedIn") in your MovieServlet.
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Biba Basneti, actually i changed the code. But unfortunatly i posted the previous one.
I will put the ShowMovieServlet here.But its still not working

I changed it to HttpSession session = request.getSession(false);

Ok anyway i stopping this topic now. Because i am not getting any usefull information.

Thanks everybody
Marc Peabody
pie sneak

Joined: Feb 05, 2003
Posts: 4727

Sreeraj, I understand this may be a frustrating problem for you, but you're starting to come across as rude. This a reminder to be nice.

Now, I have a couple points to make...
You should include a null check against userName and dispatch to the login screen if it is missing.

You should also note that JSPs, by default, participate in sessions. Your login.jsp creates a new session when one does not exist every time you access it. You could use one of two ways to get around this. One, you could make the login.jsp into login.html, since there's nothing in it that's JSPish. Or two, you could put this in your login.jsp to keep it from creating a session:
<%@page session="false"%>
[ December 17, 2006: Message edited by: Marc Peabody ]

A good workman is known by his tools.
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
Thank you very much Marc Peabody. Now i got the point.
Sreeraj G Harilal
Ranch Hand

Joined: Apr 19, 2006
Posts: 310
I put the code <%@ page session="false" %> in login.jsp page.
Now its working fine.

Thanks again Marc Peabody
I agree. Here's the link:
subject: Session Invalidate
It's not a secret anymore!