This week's giveaway is in the Android forum.
We're giving away four copies of Android Security Essentials Live Lessons and have Godfrey Nolan on-line!
See this thread for details.
The moose likes Servlets and the fly likes isRequestedSessionIdValid == false every time Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "isRequestedSessionIdValid == false every time" Watch "isRequestedSessionIdValid == false every time" New topic
Author

isRequestedSessionIdValid == false every time

Heath Lilley
Ranch Hand

Joined: Jan 09, 2001
Posts: 72
Hello all,
I have written about 10 web applications using a basic, in-house session management architecture with no issues, however, my company has decided to implement single sign on with WAS and Domino so the config on the appserver has changed to use security with LTPA and also SSO (Single Sign On). Now here is the back ground.
1. Running WAS 3.5.4 on Windows 2000 (its my desk top, i have to use WAS instead of VAJ WTE cause of no cookie support)
2. Global Security is on and configured correctly ( i am getting the sessessionid and ltpatoken cookies generated so no problems there)
Session Manager settings
1. Sessions are enabled.
2. Cookies are enabled. (Both on the server AND ON IN MY BROWSER -- IE 5.5)
3. cookie name=sesessionid
4. domain name=<domainName>.com
5. Cookie max age=-1 (set to live as long as the session),
6. cookie secure=no(haven't set this yet), cookies are NOT persistant, invalidation time for the SERVER is 1800 secs, invalidation time for the webapps are 30 min (acctual values), cache is enabled, and overflow is enabled.
Now here is the issue, i have a problem when i run th following code in my servlet.

the get requested session id method always returns false and the session is always null... This is correct for the first time i hit the servlet but not for every time after that. And after the initial creation of the request.getSession(true) when i re-enter the servlet the session is null AGAIN. I have never had this problem before, any ideas??
Amir Kamran
Ranch Hand

Joined: Apr 21, 2002
Posts: 48
Hello!
u can just use the getSession() method which returns the current session or a new session if the request does not have one.
Heath Lilley
Ranch Hand

Joined: Jan 09, 2001
Posts: 72
Thanks for the reply. I have to do other different processes that depends on the true or false value... this is a little cleaner in the complete code.
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: isRequestedSessionIdValid == false every time
 
Similar Threads
Problems with sessions
Doubt in Session.isNew()
Shopping carts and sessions and cookies, oh my!
Session and cookies
creating secure Java apps