i read the below line will create the new session HttpSession.getSession(true);---> return the new session object if none is associated with the request.
how this object can be made asssociate to a particular user like session 1 is for user 1 and session 2 for user 2 and so on....
and if the session become invalid (after some expire time) how the user is abanded from proceeds further saying your session is expires...
how the above basic functionality is acheived..
Any one please....
Joined: Sep 11, 2005
Association of a Session object to a user is done by the container. Apart from calling getSession() method, a servlet programmer need not do any extra things.
This association is done by using a cookie called jsessionid that is sent by the container everytime in the response. The browser sends this back with every subsequent request, so the container can identify the session object for this user. If cookies are disabled in the client, then you have to use encodeURL()/encodeRedirectURL() methods to acheive this.
You can get this id using getSessionId() method in the HttpSession object.
NOTE: getSession(false) returns a HttpSession object only if a session already exists for this user. Else, it returns null.