aspose file tools*
The moose likes Servlets and the fly likes Same SessionID after invalidating Session Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Same SessionID after invalidating Session" Watch "Same SessionID after invalidating Session" New topic
Author

Same SessionID after invalidating Session

Hariharasudhan Kalyani Sundaram
Greenhorn

Joined: Jan 31, 2006
Posts: 2
Hi all,

I am using WL 8.1 and I am invalidating the session using session.invalidate() in my servlet.After invalidating I am creating one more session in the same servlet.I am printing the sessionId before Invalidation and after Invalidation both are same.

Any Clue?

log.debug("Before deleting the exixsting sessions");
log.debug("try to print the sessionID to check ------> : "+session.getId());
if(session!=null)
{
session.invalidate();
}

log.debug("After invalidating the session");


session = request.getSession(true);

log.debug("Before setting the session attributes to new Session ");
log.debug("After overwriting Session ID :"+session.getId());

log.debug("After overwriting Session created time :"+session.getCreationTime());


Thanks in Advance


The safest Place for ship is harbor but it is never built for that
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

This is perfectly valid. The session is stored on the server, the session ID is a way of referring to it. If the server session gets replaced with another instance, then life can go on as normal. It doesn't matter whether the session ID is the same or different.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2718
    
    6

Hi Hariharasudhan Kalyani Sundaram welcome to Javaranch,
I am using WL 8.1 and I am invalidating the session

First things first, UseRealWords WL is not a real word.

And there is no problem if you get same session id more than once if its not in use, after all it is generated at random.
Check if the session still exists.

Please take some time to read the Ask Good Questions link below so that you get more from the ranch.


Hope this helps .


SCJP, SCWCD.
|Asking Good Questions|
Hariharasudhan Kalyani Sundaram
Greenhorn

Joined: Jan 31, 2006
Posts: 2
Thanks
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

You're welcome.
and Welcome
Raghavan Muthu
Ranch Hand

Joined: Apr 20, 2006
Posts: 3355

Originally posted by David O'Meara:
You're welcome.
and Welcome


That's nice to read David


Everything has got its own deadline including one's EGO!
[CodeBarn] [Java Concepts-easily] [Corey's articles] [SCJP-SUN] [Servlet Examples] [Java Beginners FAQ] [Sun-Java Tutorials] [Java Coding Guidelines]
Jetendra Ivaturi
Ranch Hand

Joined: Feb 08, 2007
Posts: 159
Its a bug in weblogic server.

Please post the same in weblogic forum and you could expect some work around.

As of my knowledge its a bug in weblogic server.


SCJP 1.4 & 1.5, SCWCD 1.5. Learn and Let Learn.
Raghavan Muthu
Ranch Hand

Joined: Apr 20, 2006
Posts: 3355

Yes, seems to be and may possibly be! Even then, if the session is destroyed and what's wrong in using the same id for the newly created session? So long as the session is valid, what else the user should be concerned for? -- Isn't it a different perspective to think of?
Jetendra Ivaturi
Ranch Hand

Joined: Feb 08, 2007
Posts: 159
Yes you are right... But that's how its designed. Try experimenting some other server. I believe there's a request for the same.

Shortly we might expect that the bug be fixed...
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2718
    
    6

Originally posted by Jetendra Ivaturi
Its a bug in weblogic server.

Please post the same in weblogic forum and you could expect some work around.

As of my knowledge its a bug in weblogic server.


What makes you think that it is a bug in the server?
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I agree: why a bug? Possibly not the expected behaviour, sure, but that doesn't make it a bug. The only way it would be a bug was if it was different to the behaviour specified in the Servlet Specification, but to my knowledge it is not specified and I'm not going looking for it. I am not aware of the behaviour on all servers, but I'm sure a previous version of Tomcat did the same thing.
Jetendra Ivaturi
Ranch Hand

Joined: Feb 08, 2007
Posts: 159
I have worked on weblogic for quite some time. That made me to tell that as bug. Research is going on that.
David O'Meara
Rancher

Joined: Mar 06, 2001
Posts: 13459

I don't doubt your experience, just the interpretation.
Amit Ghorpade
Bartender

Joined: Jun 06, 2007
Posts: 2718
    
    6

That made me to tell that as bug. Research is going on that.

Where is it mentioned that research is going on for the same?
I could not find any such thing mentioned on the BEA site.

And David is right, the servlet container should follow the specification, the implementation is vendor specific.


Hope this helps .
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Same SessionID after invalidating Session