• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Same SessionID after invalidating Session

 
Hariharasudhan Kalyani Sundaram
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

I am using WL 8.1 and I am invalidating the session using session.invalidate() in my servlet.After invalidating I am creating one more session in the same servlet.I am printing the sessionId before Invalidation and after Invalidation both are same.

Any Clue?

log.debug("Before deleting the exixsting sessions");
log.debug("try to print the sessionID to check ------> : "+session.getId());
if(session!=null)
{
session.invalidate();
}

log.debug("After invalidating the session");


session = request.getSession(true);

log.debug("Before setting the session attributes to new Session ");
log.debug("After overwriting Session ID :"+session.getId());

log.debug("After overwriting Session created time :"+session.getCreationTime());


Thanks in Advance
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
This is perfectly valid. The session is stored on the server, the session ID is a way of referring to it. If the server session gets replaced with another instance, then life can go on as normal. It doesn't matter whether the session ID is the same or different.
 
Amit Ghorpade
Bartender
Posts: 2851
10
Fedora Firefox Browser Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Hariharasudhan Kalyani Sundaram welcome to Javaranch,
I am using WL 8.1 and I am invalidating the session

First things first, UseRealWords WL is not a real word.

And there is no problem if you get same session id more than once if its not in use, after all it is generated at random.
Check if the session still exists.

Please take some time to read the Ask Good Questions link below so that you get more from the ranch.


Hope this helps .
 
Hariharasudhan Kalyani Sundaram
Greenhorn
Posts: 2
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You're welcome.
and Welcome
 
Raghavan Muthu
Ranch Hand
Posts: 3381
Mac MySQL Database Tomcat Server
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by David O'Meara:
You're welcome.
and Welcome


That's nice to read David
 
Jetendra Ivaturi
Ranch Hand
Posts: 159
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Its a bug in weblogic server.

Please post the same in weblogic forum and you could expect some work around.

As of my knowledge its a bug in weblogic server.
 
Raghavan Muthu
Ranch Hand
Posts: 3381
Mac MySQL Database Tomcat Server
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes, seems to be and may possibly be! Even then, if the session is destroyed and what's wrong in using the same id for the newly created session? So long as the session is valid, what else the user should be concerned for? -- Isn't it a different perspective to think of?
 
Jetendra Ivaturi
Ranch Hand
Posts: 159
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Yes you are right... But that's how its designed. Try experimenting some other server. I believe there's a request for the same.

Shortly we might expect that the bug be fixed...
 
Amit Ghorpade
Bartender
Posts: 2851
10
Fedora Firefox Browser Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Jetendra Ivaturi
Its a bug in weblogic server.

Please post the same in weblogic forum and you could expect some work around.

As of my knowledge its a bug in weblogic server.


What makes you think that it is a bug in the server?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I agree: why a bug? Possibly not the expected behaviour, sure, but that doesn't make it a bug. The only way it would be a bug was if it was different to the behaviour specified in the Servlet Specification, but to my knowledge it is not specified and I'm not going looking for it. I am not aware of the behaviour on all servers, but I'm sure a previous version of Tomcat did the same thing.
 
Jetendra Ivaturi
Ranch Hand
Posts: 159
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have worked on weblogic for quite some time. That made me to tell that as bug. Research is going on that.
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I don't doubt your experience, just the interpretation.
 
Amit Ghorpade
Bartender
Posts: 2851
10
Fedora Firefox Browser Java
  • 0
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
That made me to tell that as bug. Research is going on that.

Where is it mentioned that research is going on for the same?
I could not find any such thing mentioned on the BEA site.

And David is right, the servlet container should follow the specification, the implementation is vendor specific.


Hope this helps .
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic