• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HTTP Session creation

 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Friends,
A simple question for you.
Is a HTTP Session only created when calling request.getSession(true) or is it another way to create a session.
Is it possible that a servlet container creates a session automatically, without being asked for ??
Thanx for your help.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yep, a container can create one without telling you.
For example, if a servlet container has form-based security enabled, if a user is not logged in and accesses a secure page, a session gets created, the page they tried to access gets put on the session and they are redirected to the login page. After they have logged in, the original page is read from the session and they are redirected back to the page they requested. (note that all of this is done via configuration, you don't write a line of code)
The moral of the story is that this is the first time your code gets accessed but the user already has a valid session.
Dave.
 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Dave for this answer.
Is there any documentation somewhere where I could figure out when the container can create a session "by itself" ?
For example, in my application, it seems (but not sure) the code :
getRequestDispatcher("Another_url").forward(request, response);
creates a session, but I do not have any documentation to prove it.
Any useful links ?
Originally posted by David O'Meara:
Yep, a container can create one without telling you.
Dave.

 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
JSP's automatically create a session by default unless you use the page directive to turn them off. This is described in the JSP 1.1 specification section 2.7.1.
You have to use < %@ page session="false" %> to turn this off.
Kyle
------------------
Kyle Brown,
Author of Enterprise Java (tm) Programming with IBM Websphere
See my homepage at http://members.aol.com/kgb1001001 for other WebSphere information.
 
JeanLouis Marechaux
Ranch Hand
Posts: 906
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hum, I got my answer, but I'm still intersted in having documentation about container behavior.
In my application, the page to which I forward is a jsp page... Thus a session is created automatically....
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic