JSESSIONID question

Sagar Salapaka
Greenhorn

Joined: Feb 06, 2002
Posts: 12
Can anyone explain why my JSESSIONID cookie does not change even if I log off [calls ] and log back in to the application?
Thanks.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

Well it should, but in truth it doesn't have to.
Firstly, don't confuse logging off with invalidating the session. Invalidate can often cause a logoff or behaviour similar to it, but they aren't the same.
The session id is just a tag to associate requests to a client and therefore introduce some state to the server. A client can send an invalid session id; as long as the server doesn't do anything with it, there's no problem. If someone has a valid session id and then it is invalidated, the session is no longer valid, but there is no reason the same id can't be retained. If the person then starts a new session, it is OK for the server to see this ID and reuse it.
In practice, I think this behaviour would be specific to the server you are using. It's valid, but far too specific for all servers to do it. Never make any assumptions on sessions or session ids, they tend to be slightly different on each server.
Dave.
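
Editor's added example, not part of the original thread and not any poster's code: a servlet that makes the session lifecycle explicit, so the application does not depend on whether the container reuses the id the browser sent. It assumes Servlet API 3.1+ (`javax.servlet`) and a container security realm for `request.login()`; the URL patterns, the `user` session attribute and the class name are hypothetical.

```java
// Added example. Assumes Servlet 3.1+; URL patterns and the "user" attribute are hypothetical.
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet(urlPatterns = {"/login", "/logout"})
public class SessionLifecycleServlet extends HttpServlet {
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        if ("/logout".equals(req.getServletPath())) logout(req, resp); else login(req, resp);
    }

    private void login(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Drop any pre-login session (and its attributes) before authenticating.
        HttpSession old = req.getSession(false);
        if (old != null) old.invalidate();
        HttpSession fresh = req.getSession(true);
        // A container may legally reuse the id the client presented; force a new one if it did.
        if (fresh.getId().equals(req.getRequestedSessionId())) req.changeSessionId();
        try {
            req.login(req.getParameter("user"), req.getParameter("password"));
        } catch (ServletException e) {
            fresh.invalidate();                       // failed login leaves no session behind
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        fresh.setAttribute("user", req.getRemoteUser());
        resp.sendRedirect(req.getContextPath() + "/");
    }

    private void logout(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        // Invalidation removes the server-side state. The browser may keep sending the
        // old JSESSIONID cookie, but it no longer maps to anything.
        HttpSession session = req.getSession(false);
        if (session != null) session.invalidate();
        try {
            req.logout();                             // clear the container's authenticated principal
        } catch (ServletException e) {
            log("logout failed", e);
        }
        resp.sendRedirect(req.getContextPath() + "/");
    }
}
```

Comparing `HttpSession.getId()` with `HttpServletRequest.getRequestedSessionId()` is also a quick way to observe, on a given server, whether it reuses ids as described above.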
Sagar Salapaka
Greenhorn

Joined: Feb 06, 2002
Posts: 12
Well explained. Thanks!