from API javadocs To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown. What effect does this have when we use the implicit session object in a JSP, since we are not actually getting it from request directly?
The future is here. It's just not evenly distributed yet. - William Gibson
Consultant @ Xebia. Sonny GillTweets
For the session object to be available in the jsp page, the use session attribute of the page directive should not be false; true is the default and no attribute defaults to true. The jsp will set the session appropriately before any response is committed, so you should not worry about an IllegalStateException at that particular stage. I have written a web application where a valid session is created in one filter only and no where else. That is, other jsps and servlets have to use the session created by the filter or do something else if such session does not exist. I guess you would like to know the equivalent for a jsp page of servlets' request.getSession(false) which return a session if one exist or null if none exist. Well, there isn't. The way to handle such things in a jsp, is to check if the session is new (session.isNew()). If true, the session has just been create in the jsp and invalid in my case, so I invalidate the session and handle the rest as appropriate. If false, the session can be processed.
SCJP, SCWCD, SCBCD, IBM CSD WebSphere v5, <br />A+, MCP 2000 and 2000 server, CST, and few incompleted certification tracks.<br /> <br />Ivory Coast<br /> <br />Analyze your web Request/Response @ <a href="http://webtools.servehttp.com" target="_blank" rel="nofollow">http://webtools.servehttp.com</a> down for a while...
subject: getSession(boolean create) in HttpServletRequest