wood burning stoves 2.0*
The moose likes Servlets and the fly likes a question about sessions ... Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "a question about sessions ..." Watch "a question about sessions ..." New topic
Author

a question about sessions ...

Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
Hi guys...
1o.) what does:
request.getSession(false)
do?
I don't understand the false attribute.
2o.) when do you use
response.encodeURL??
when the browser does not support cookies??
3o.) if the browser does not support cookies, can I still use request.getSession??
thanks..


I'm not going to be a Rock Star. I'm going to be a LEGEND! --Freddie Mercury
Pat Wallwork
Ranch Hand

Joined: Sep 23, 2001
Posts: 72
Hi,
1) getSession(false) is an overloaded method that gets an existing session only. If one isn't present then (false) specifies not to create a new session. getSession() or getSession(true) creates a new session if a current one does not exist.
2) You should use encodeURL and encodeRedirectURL for links to other pages that require the current session. If a user has cookies turned off and your links are not encoded the session will be lost.
3) Yes, if you are using encodeURL.
A brief explanation is if a user has cookies turned on then the sessionID is sent along with each request by the browser. If not, and your links are encoded the sessionID is appended to the URL like this:
foo.com/whatever.jsp;jsessionid=s2erhfu0c1
As long as you encodeURL all links the method automatically determines whether to append the sessionID or use cookies.
-Pat
[ August 25, 2002: Message edited by: Pat Wallwork ]
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
thank you.. but:
I'm implementing my web application with sessions and I just noticed this 'problem' (when the user has disabled cookies). what should I do? is it as easy as adding all this encodeURL? or.. should I first check if the user has cookies enabled (how do I do that?). what is the procedure to follow?
thanks
Pat Wallwork
Ranch Hand

Joined: Sep 23, 2001
Posts: 72
I sympathize with you
It sounds like your learning about them the same way I did. I finished a big app I'd been working on for awhile when someone told me that if they had cookies off they couldn't log-in. After some research I found out all about the encodeURL and had to add that to every link in the site that led to another page which required the current session.
Once you do that to your links you won't have to worry about it anymore. I'd bet this is probably a common mistake people make all the time. And don't anyone say different, it makes me feel better
-Pat
James Carman
Ranch Hand

Joined: Feb 20, 2001
Posts: 580
Originally posted by Pat Wallwork:
I sympathize with you
It sounds like your learning about them the same way I did. I finished a big app I'd been working on for awhile when someone told me that if they had cookies off they couldn't log-in. After some research I found out all about the encodeURL and had to add that to every link in the site that led to another page which required the current session.
Once you do that to your links you won't have to worry about it anymore. I'd bet this is probably a common mistake people make all the time. And don't anyone say different, it makes me feel better
-Pat

You could use the Struts html tag library which handles all of this stuff for you in the "link" tag.


James Carman, President<br />Carman Consulting, Inc.
Andres Gonzalez
Ranch Hand

Joined: Nov 27, 2001
Posts: 1561
Thanks guys.. So, let me get this straight.
if I have a bunch of links and they all deal with objects in the session I should do something like this:

right?
and if I'm working with:
response.sendRedirect();
I should change it with
response.encodeRedirectURL()
right?
what about if I'm using forward?
thanks
Anthony Villanueva
Ranch Hand

Joined: Mar 22, 2002
Posts: 1055
Originally posted by Andres Gonzalez:
Hi guys...
1o.) what does:
request.getSession(false)
do?
I don't understand the false attribute.
2o.) when do you use
response.encodeURL??
when the browser does not support cookies??
3o.) if the browser does not support cookies, can I still use request.getSession??
thanks..

1. According to the docs:
public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session. If create is false and the request has no valid HttpSession, this method returns null.
2. You use encodeURL to maintain session tracking when the client browser does not accept cookies. It's a fallback mechanism in such a case. The web server recognizes the session because this method appends the jsessionid to the query string for you. According to the specs:
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session id, to the URL
path that is interpreted by the container to associate the request with a session. The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234
3. Yes, if you've implemented encodeURL
There's an example of using encodeURL here
 
It is sorta covered in the JavaRanch Style Guide.
 
subject: a question about sessions ...
 
Similar Threads
cookies="false" doesn't work in all cases
Doubt in Cookies
User gets logged out automatically
isRequestedSessionIdValid == false every time
a question about jsp's session