Hi Friends, A simple question for you. Is a HTTP Session only created when calling request.getSession(true) or is it another way to create a session. Is it possible that a servlet container creates a session automatically, without being asked for ?? Thanx for your help.
/ JeanLouis<br /><i>"software development has been, is, and will remain fundamentally hard" (Grady Booch)</i><br /> <br />Take a look at <a href="http://www.epfwiki.net/wikis/openup/" target="_blank" rel="nofollow">Agile OpenUP</a> in the Eclipse community
Yep, a container can create one without telling you. For example, if a servlet container has form-based security enabled, if a user is not logged in and accesses a secure page, a session gets created, the page they tried to access gets put on the session and they are redirected to the login page. After they have logged in, the original page is read from the session and they are redirected back to the page they requested. (note that all of this is done via configuration, you don't write a line of code) The moral of the story is that this is the first time your code gets accessed but the user already has a valid session. Dave.
Joined: Nov 12, 2001
Thanks Dave for this answer. Is there any documentation somewhere where I could figure out when the container can create a session "by itself" ? For example, in my application, it seems (but not sure) the code : getRequestDispatcher("Another_url").forward(request, response); creates a session, but I do not have any documentation to prove it. Any useful links ?
Originally posted by David O'Meara: Yep, a container can create one without telling you. Dave.
JSP's automatically create a session by default unless you use the page directive to turn them off. This is described in the JSP 1.1 specification section 2.7.1. You have to use < %@ page session="false" %> to turn this off. Kyle ------------------ Kyle Brown, Author of Enterprise Java (tm) Programming with IBM Websphere See my homepage at http://members.aol.com/kgb1001001 for other WebSphere information.
Hum, I got my answer, but I'm still intersted in having documentation about container behavior. In my application, the page to which I forward is a jsp page... Thus a session is created automatically....