File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes JSP and the fly likes JSTL creates unwanted sessions Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » JSP
Bookmark "JSTL creates unwanted sessions" Watch "JSTL creates unwanted sessions" New topic
Author

JSTL creates unwanted sessions

John O'Hanley
Greenhorn

Joined: Oct 13, 2002
Posts: 24
JSTL uses session scope. For example, the fmt tags use session scope to store a variable named "javax.servlet.jsp.jstl.fmt.request.charset".
This bothers me - a lot. Sessions should be under the full control of the application programmer. They should not be created by low-level items such as JSTL tags.
Arguments in favor of this position :
- sessions put an extra load on the server
- when cookies are not available, URLs are rewritten, and become much longer. It is often desirable to keep URLs simple and short if at
all possible, since it makes them easier for people to copy/paste out of emails (for exmaple).
I am going to pains in the current app I am building to create sessions
only when necessary. However, it seems that JSTL is creating them "without
my consent" in the background (this is unconfirmed, however).
Has anyone a comment on this issue?
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60774
    
  65

If you are using JSP and Servlets you are going to have a session. The fact that JSTL tacks an attribute onto this session does not create any new sessions. It merely adds an entry in the map that the already existing session is maintaining to keep track of its attributes.
This is a cheap and simple operation.
And yes, it behooves one when writing a web app to be sure that session data does not get out of control, but that is clearly not the case here.
hth,
bear


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Sue Spielman
Author
Ranch Hand

Joined: Apr 21, 2003
Posts: 56
John, most of the default scoping used by the JSTL is page, not session. Are you explictly setting the scope attribute to session? If not, which actions are you talking about?
Sue


President/Consulting Engineer<br />Switchback Software LLC<br /><a href="http://www.switchbacksoftware.com" target="_blank" rel="nofollow">www.switchbacksoftware.com</a>
John O'Hanley
Greenhorn

Joined: Oct 13, 2002
Posts: 24
I have seen the issue with the fmt tag. Here is an example.
<%--
Unwanted: Places bean named javax.servlet.jsp.jstl.fmt.request.charset in session scope
--%>
<%--
Copyright © <fmt:formatDate value="${now}" pattern="yyyy" /> - Hirondelle Systems
--%>
<%--
If this hard-coded style is used, the javax.servlet.jsp.jstl.fmt.request.charset
bean will not be placed in session scope
--%>
Copyright © 2004 - Hirondelle Systems
Log extracts:
WITH fmt tag, I get both session creation, and a bean placed in session scope:
Sep 30, 2003 5:00:49 PM hirondelle.webappskeleton.ui.AbstractRequestParser checkParamNamesAndValues
FINE: SESSION CreationDate: Tue Sep 30 17:00:25 EDT 2003
SESSION Object Name: javax.servlet.jsp.jstl.fmt.request.charset Value: "ISO-8859-1"
WITHOUT fmt tag, there is no bean in session scope, but session creation
is still taking place:
Sep 30, 2003 5:02:26 PM hirondelle.webappskeleton.ui.AbstractRequestParser checkParamNamesAndValues
FINE: SESSION CreationDate: Tue Sep 30 17:02:25 EDT 2003

Such sessions are not part of my program logic. I cannot see any other possible source for them except JSTL. If such is the case, I would submit that JSTL should *NOT* be behaving like this. No way Jos�.
John O'Hanley
Greenhorn

Joined: Oct 13, 2002
Posts: 24
FYI:
From the JSTL spec, section 8.4:
"After an action has called ServletResponse.setLocale(), and sessions are
enabled, it must determine the character encoding associated with the response locale (by calling ServletResponse.getCharacterEncoding()) and store it in the scoped variable javax.servlet.jsp.jstl.fmt.request.charset in session scope."
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Surelly I can say that JSTL is in page scope by default too... Unless the developers intentionally set the attributes to be session scope


Co-author of SCMAD Exam Guide, Author of JMADPlus
SCJP1.2, CCNA, SCWCD1.4, SCBCD1.3, SCMAD1.0, SCJA1.0, SCJP6.0
John O'Hanley
Greenhorn

Joined: Oct 13, 2002
Posts: 24
Well, according to my last quote of the JSTL spec, your comment is glaringly and incontrovertibly false.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8904

Originally posted by John O'Hanley:
Well, according to my last quote of the JSTL spec, your comment is glaringly and incontrovertibly false.

John,
Are you able to retrieve javax.servlet.jsp.jstl.fmt.request.charset attribute value from session?


Groovy
John O'Hanley
Greenhorn

Joined: Oct 13, 2002
Posts: 24
Yes.
As shown in this log extract, the value is "ISO-8859-1", which is the default character encoding.
SESSION Object Name: javax.servlet.jsp.jstl.fmt.request.charset Value: "ISO-8859-1"
As well, I am using the Jakarta Taglibs implementation.
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8904

This means that session is created even if do not want to. :roll:
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8904

This attribute may be used by the <fmt:requestEncoding> action (see
Section 8.10) in a page invoked by a form included in the response to set the request
charset to the same as the response charset. This makes it possible for the container
to decode the form parameter values properly, since browsers typically encode form
field values using the response�s charset.
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Originally posted by Pradeep Bhat:
This means that session is created even if do not want to. :roll:

I guess so.... :roll:
Pradeep bhatt
Ranch Hand

Joined: Feb 27, 2002
Posts: 8904

Originally posted by Ko Naing:

I guess so.... :roll:


Thatss bad.. any work arounds?
:roll:
Jeroen Wenting
Ranch Hand

Joined: Oct 12, 2000
Posts: 5093
Originally posted by Pradeep Bhat:


Thatss bad.. any work arounds?
:roll:


Switch to ASP .NET


42
Ko Ko Naing
Ranch Hand

Joined: Jun 08, 2002
Posts: 3178
Originally posted by Pradeep Bhat:


Thatss bad.. any work arounds?
:roll:

Switch to C# .Net, since syntax of C# is similar to that of Java...
John O'Hanley
Greenhorn

Joined: Oct 13, 2002
Posts: 24
The answer:
JSPs always create a session, if one does not exist.
This default behavior is turned off using the page directive, as in
<%@ page session="false" %>
See:
http://www.javapractices.com/Topic191.cjp
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: JSTL creates unwanted sessions
 
Similar Threads
destroy sessionContext from EJB?
JSTL Help
can the scope be added to all JSTL tags?
Backing Bean Scope (Best Practices?)
Session Tracking using HttpSession