question on session creation and invalidation

Peter W Smith
Greenhorn

Joined: Aug 28, 2002
Posts: 10
I thought I knew sessions in particular and web applications in general well, but I got a weird error with my app running on JRun 4. So please answer my question below.
Web Application Scenario:
There are five pages in the simplified application: home.htm, account.jsp, account_detail.jsp, login.htm, logout.jsp.
A user first requests the home.htm page, which contains a link to account.jsp. In web.xml, account.jsp and
account_detail.jsp are configured to be protected while home.htm is not. So when the user clicks on the link to
account.jsp on the home.htm page, JRun serves the standard login.htm page for the user to enter id and password. A
successful login leads the user to account.jsp.
Account.jsp is coded with "session=true", and it creates serializable objects and stores them in "session". The links
on it allow the user to navigate to account_detail.jsp. Account_detail.jsp is coded with "session=true", and it
accesses the previously-created "session attributes/objects". In addition, it contains the logout button which links
to the logout.jsp page. On the logout.jsp page, "session.invalidate()" is called.
One usage scenario:
(1) user requests home.htm
(2) user clicks on the link to account.jsp in home.htm
(3) JRun sends login.htm to user, and user submits correct id/password
(4) JRun authenticates/authorizes the user, and executes/sends back account.jsp
(5) user clicks the link to navigate to account_detail.jsp
(6) user clicks on logout button on account_detail.jsp
(7) "session.invalidate()" is called in logout.jsp before this page is sent back to user.
(8) the link to home.htm on logout.jsp page allows the user to navigate back to home.htm
(9) from the home.htm, the next login/access/logout sequence starts.
(10) user clicks on the link to account.jsp in home.htm, same as (2)
(11) JRun sends login.htm to user, and user submits correct id/password, same as (3)
(12) JRun authenticates/authorizes the user, and executes/sends back account.jsp, same as (4)
(13) ... continues...
Question:
There are three types of entities:
(1) jsessionID in the cookie
(2) the "session" Java object in Servlet API
(3) "session attributes", serializable objects that are created and stored in "session" object.
The general question is
(1) when each entity of the three types is generated,
(2) when the previously generated entity is destroyed,
(3) when each is re-generated with a new value.
Specifically, what happens in each of the 12 steps in the usage scenario described above?
Dominic Paquette
Ranch Hand

Joined: Dec 13, 2002
Posts: 64
Hi,
I would think that the jsessionid and the session object are created when you call HttpServletRequest.getSession to create a new session.
I guess that when you call HttpSession.invalidate and there are no other references made to the HttpSession object, it gets garbage collected.
Remember, I'm really not sure about what I'm saying here.
Dominic
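
One way to see on a given container when the session object and its attributes from the question are created and destroyed is a Servlet API lifecycle listener. This is an added example, not code from either poster; the class name `SessionLifecycleLogger` and the log format are assumptions, and the JSESSIONID cookie itself has to be watched in the browser or the response headers.

```java
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Added example; SessionLifecycleLogger is a hypothetical name.
// Register it in web.xml with:
//   <listener><listener-class>SessionLifecycleLogger</listener-class></listener>
public class SessionLifecycleLogger
        implements HttpSessionListener, HttpSessionAttributeListener {

    // Called by the container when it creates a new HttpSession.
    public void sessionCreated(HttpSessionEvent e) {
        log("session created", e.getSession().getId(), null);
    }

    // Called when a session is invalidated, e.g. by session.invalidate()
    // in logout.jsp, or when it times out.
    public void sessionDestroyed(HttpSessionEvent e) {
        log("session destroyed", e.getSession().getId(), null);
    }

    // Called when an attribute is first stored with setAttribute().
    public void attributeAdded(HttpSessionBindingEvent e) {
        log("attribute added", e.getSession().getId(), e.getName());
    }

    // Called when setAttribute() overwrites an existing attribute.
    public void attributeReplaced(HttpSessionBindingEvent e) {
        log("attribute replaced", e.getSession().getId(), e.getName());
    }

    // Called when an attribute is removed from the session.
    public void attributeRemoved(HttpSessionBindingEvent e) {
        log("attribute removed", e.getSession().getId(), e.getName());
    }

    // Log a short tag derived from the session id instead of the id itself,
    // so the log file never contains a value usable as a session cookie.
    private static void log(String event, String sessionId, String attr) {
        String tag = Integer.toHexString(sessionId.hashCode());
        System.out.println("[session-trace] " + event + " session#" + tag
                + (attr != null ? " name=" + attr : ""));
    }
}
```

Walking through steps (1) to (12) with this listener deployed shows in the container's output which step triggers each event, and whether the second login produces a different session tag than the first.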
 