Win a copy of Design for the Mind this week in the Design forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HFSJ Page 231, under 2nd Heading

 
Gangadhar Reddy
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Under the 2nd heading "Sending a session cookie in the RESPONSE;" we have following code

HttpSession session = request.getSession();

But I think it has to be as follows:

HttpSession session = response.getSession();

If the ABOVE statement is right, then the error has not been mentioned in http://www.oreilly.com/catalog/headservletsjsp/errata/headservletsjsp.confirmed

Christophe Verre, can you please help me out in this? Thank you in advance
 
Christophe Verré
Sheriff
Posts: 14691
16
Eclipse IDE Ubuntu VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If you look carefully at HttpServletResponse's API, you'll see that there is no getSession method there. You retrieve or make a session via the request. I don't have the book, so I can't clearly explain what they mean by "Sending a session cookie in the RESPONSE".

Christophe Verre, can you please help me out in this?

Anybody is here to help you
 
Gangadhar Reddy
Greenhorn
Posts: 25
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes Christophe Verre, you are right. HttpServletResponse does not have getSession() method.
 
Marc Peabody
pie sneak
Sheriff
Posts: 4727
Mac Ruby VI Editor
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't think that the term "session" in "Sending a session cookie in the RESPONSE" is referring to the HttpSession object on the server side.

Your server session doesn't keep track of cookies. That's really the whole point of cookies - that they store information on the client so the server doesn't have to store it. [Note: This concept gets muddied a little because the container can use cookies to track the JSESSIONID, so for this one case the container will keep the JSESSIONID stored both on the server side and on the client side as a cookie. But other than that... ]

I don't have my HFSJ in front of me, but I suspect that "session cookie" means one of two things:
1) A cookie that holds the JSESSIONID, meaning a cookie to identify which session object the client belongs to.
2) If a Cookie does not have an expiration date, it will be deleted when the user closes her browser window. In a sense, these could be called session cookies -even though they could outlive an HttpSession- because they live only for the browsing session.

But with either of my assumptions I wouldn't expect that a coder would need to retrieve the HttpSession for either one. #1 is managed entirely by the container and #2 has nothing to do with HttpSession. So I'm confused. Mind explaining the context of your question a little more?
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic