request.getSesion(false) problem

Hi,

Flow of the application is.

loginServlet->role.jsp.

role.jsp contains has a html file as it's top frame.In this html file, there are few link's to different jsp's.

When I click one of those links and visit the required jsp.

when I do sess = request.getSession(false); in that jsp.

session returns null.

is it bcoz of the frame file being a html file, it is unable to carry forward the session.

fast response will be a great help.

Regards,
Neeraj.

may be, not sure. you can try after changing the extension of your top frame file to .jsp.

Try using request.getSession(true). It is safer to use as I doubt that a session is already created in your case. Cross check it by storing some value in the user session first and then try to retrieve it in the desired page. request.getSession(true) will return the existing session if 1 is there else it will create a new session and it is returned. request.getSession(false) will return null if there is no session for the client. The boolean value passed to the getSession() method is create flag for session.

Nitin Dubey

Thanks for the inputs.

Nitin, That's wat the application is trying to achieve, if the request is not from the same session redirect it to login page again.

neeraj.

but I am still clueless why it is getting session==null

neeraj.

okay first thing is , unless your apllication wants to participate in the session your session is not created. the first time when a session gets created for your application is when you call the getsession() or getsessio(true) which indicates your webserver that this application is participating in the session.

As you said the whole purpose is to see if they belong to same session use a getsession() and then you can use the session.getId() and compare the session ids.

I steer my developers away from using the request.getSession() without using the boolean create qualifier. Using .getSession(true) at application entry points and thereafter only using .getSession(false) allows greater control over when a user gets a valid session.

If .getSession() is used throughout the application, it may result in user obtaining a valid session when they shouldn't.

TIP: A test for valid session should NOT consist of simply:
if ( request.getSession(false) != null ). It is better to look for the presence or absence of application-specific objects within the session to determine if session is valid.
[ October 28, 2004: Message edited by: G Hamer ]