wood burning stoves 2.0*
The moose likes Servlets and the fly likes HTTP Session creation Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "HTTP Session creation" Watch "HTTP Session creation" New topic

HTTP Session creation

JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
Hi Friends,
A simple question for you.
Is a HTTP Session only created when calling request.getSession(true) or is it another way to create a session.
Is it possible that a servlet container creates a session automatically, without being asked for ??
Thanx for your help.

/ JeanLouis<br /><i>"software development has been, is, and will remain fundamentally hard" (Grady Booch)</i><br /> <br />Take a look at <a href="http://www.epfwiki.net/wikis/openup/" target="_blank" rel="nofollow">Agile OpenUP</a> in the Eclipse community
David O'Meara

Joined: Mar 06, 2001
Posts: 13459

Yep, a container can create one without telling you.
For example, if a servlet container has form-based security enabled, if a user is not logged in and accesses a secure page, a session gets created, the page they tried to access gets put on the session and they are redirected to the login page. After they have logged in, the original page is read from the session and they are redirected back to the page they requested. (note that all of this is done via configuration, you don't write a line of code)
The moral of the story is that this is the first time your code gets accessed but the user already has a valid session.
JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
Thanks Dave for this answer.
Is there any documentation somewhere where I could figure out when the container can create a session "by itself" ?
For example, in my application, it seems (but not sure) the code :
getRequestDispatcher("Another_url").forward(request, response);
creates a session, but I do not have any documentation to prove it.
Any useful links ?
Originally posted by David O'Meara:
Yep, a container can create one without telling you.

Kyle Brown
Ranch Hand

Joined: Aug 10, 2001
Posts: 3892
JSP's automatically create a session by default unless you use the page directive to turn them off. This is described in the JSP 1.1 specification section 2.7.1.
You have to use < %@ page session="false" %> to turn this off.
Kyle Brown,
Author of Enterprise Java (tm) Programming with IBM Websphere
See my homepage at http://members.aol.com/kgb1001001 for other WebSphere information.

Kyle Brown, Author of Persistence in the Enterprise and Enterprise Java Programming with IBM Websphere, 2nd Edition
See my homepage at http://www.kyle-brown.com/ for other WebSphere information.
JeanLouis Marechaux
Ranch Hand

Joined: Nov 12, 2001
Posts: 906
Hum, I got my answer, but I'm still intersted in having documentation about container behavior.
In my application, the page to which I forward is a jsp page... Thus a session is created automatically....
I agree. Here's the link: http://aspose.com/file-tools
subject: HTTP Session creation