Guys i found the following quote in one of the forums, and am not convinced with this statement, let me know if this is true, plzz
When you forward the request with requestDispatcher.forward the target servlet/JSP share the same session. But with sendRedirect the session information is not preserved. ( target is not in scope of session)
No that statement is wrong as my knowledge goes. i have worked with the servlets and used the sendredirect mechanism, and the session info is preserved there, im able to get the session object from there also
As far as I am aware it is wrong. The only condition I can think where it may be correct is the situation where the sendRedirect is the response to the first request, and this response is also the one trying to set the session cookie. I'm not convinced but it may be possible.
In this case the instruction either may not be sent or accepted and hence the session would not be created , but but I'm not sure, and I'm not convinced.
OK, I see where the confusion is coming from. The quote is not correct, or in the very least worded very badly. But I think I understand what the author was trying to get at.
If you use sendRedirect to redirect the user to a different context, i.e. a different application, of course the session information is not preserved. It would be meaningless because sessions are tied to a specific context. (for example, my session information from javaranch would have no meaning if I decided to go to yahoo)
However, using sendRedirect within the same context works perfectly. The author of the previous quote mistakenly implies that sendRedirect is only used when changing contexts, however, this is not the case. There are times when it is advisable to redirect within the same context. For example, if you need to send the user to a new page, but wanted to maintain the previous page's URL inthe browser cache.
“Programming today is a race between software engineers striving to build bigger and better idiot-proof programs, and the Universe trying to produce bigger and better idiots. So far, the Universe is winning.” - Rich Cook
Another case when the redirect is to switch to different protocol http to https.
What would happen in above situation - sendRedirect() to same context but changing to ssl. I dont know about SSL much but its seems that it has some built-in facility to identify clients. And in that a case, a newly created SSL session should be considered as some new session. Am I right?