my dog learned polymorphism*
The moose likes Servlets and the fly likes HttpSession - isValid() Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of Android Security Essentials Live Lessons this week in the Android forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "HttpSession - isValid()" Watch "HttpSession - isValid()" New topic
Author

HttpSession - isValid()

Marcos Urata
Greenhorn

Joined: Dec 31, 2004
Posts: 26
I know that Tomcat on his implementation class of HttpSession has a method called isValid() that verifies if the session is valid or not.

Is there any way to know if a session is still valid? I mean, if at any time the invalidate() method was called?
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30136
    
150

Marcos,
You can store an object in the session. For example, when the user logs in call session.setAttribute("valid", "");

When you get access to the session see if session.getAttribute("valid") is null. If so, the session was invalidated (and therefore all objects were unbound.) If it is not null, the session is still valid.


[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Joe Nguyen
Ranch Hand

Joined: Apr 20, 2001
Posts: 161
When you get access to the session see if session.getAttribute("valid") is null. If so, the session was invalidated (and therefore all objects were unbound.) If it is not null, the session is still valid.

If you try to get attribute of an invalid session, you'll get a runtime exception named IllegalStateException.

Another way is to implements HttpSessionListener which will be notified when invalidate session occurs.
Ed Wallen
Ranch Hand

Joined: Feb 11, 2002
Posts: 34
I agree with Joe.........the best way is to use the HttpSessionListener. If you just wanted to find out if you have a session or not, you can do the following:

HttpSession session = request.getSession(false);
if (session != null) {
// You have a valid session established
}
else {
// There is no session established with the current request
}
Preetham Chandrasekhar
Ranch Hand

Joined: Nov 05, 2003
Posts: 98
HttpSession session = request.getSession(false);
//this line says if the session you get is not null then go ahead if there //does'nt exist a session dont create it.

//then u can check if the session is null or not by the following statements

if(session == null) {
//you can redirect the user to the error page or whereever u want him to go to
}


"In theory, there is no difference between theory and practice. But, in practice, there is."<br /> - Jan L.A. van de Snepscheut
Jeanne Boyarsky
internet detective
Marshal

Joined: May 26, 2003
Posts: 30136
    
150

Joe,
Good point. I had forgotten about that. My post applies to if invalidate() was called on a previous request.

Marcos,
You can still use the method I described; just wrap it in a try/catch block.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: HttpSession - isValid()
 
Similar Threads
HttpSession using JSF
JSF Filter prevent direct access certain page
easymock, j2ee (struts 2) and debugging...
getting the IP when the session is created
Regarding assertion