Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
The moose likes Servlets and the fly likes session management doubt Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Java » Servlets
Bookmark "session management doubt" Watch "session management doubt" New topic
Author

session management doubt

Dash Abhisek
Ranch Hand

Joined: Jul 20, 2008
Posts: 63
Hi everyone I am unable to understand the session management concept
I am providing the program and I will tell exactly where I am stuck


as far as my understanding goes :-
when the client enters his name and age in the form.html the request
goes to scwcd servlet where we get a session object then the request
is dispatched to a second jsp asking him for plot no and when the user
enters the plot number the request goes to "testservlet" servlet where
I have written a line (req.getsession()) as my second request carries the
session id it is matched and the server comes to know that this another request from the same client and when I write get attribute it gives me back the set attributes and I display it uptill this it is ok but when I disable the cookies the server should generate a new session object and getAttributes should return null but in my case I am getting the set attributes. I am confused.either there is a flaw in my understanding
or somehow I am not disabling the cookies in my IE....,

Please help to let me know where I am wrong
Thanks in advance(for showing patience!!!)
-Abhisek
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30789
    
157

Abhisek,
Cookies aren't the only way of keeping a session alive. URL Rewriting is another one (jsessionid shows up on the URL). So your session can be active without a cookie.

Also, session cookies are treated differently than persistent cookies. Check if your browser is disabling session cookies too. If not, turning off cookies isn't preventing a session.

[edited to fix typo]
[ September 20, 2008: Message edited by: Jeanne Boyarsky ]

[Blog] [JavaRanch FAQ] [How To Ask Questions The Smart Way] [Book Promos]
Blogging on Certs: SCEA Part 1, Part 2 & 3, Core Spring 3, OCAJP, OCPJP beta, TOGAF part 1 and part 2
Dash Abhisek
Ranch Hand

Joined: Jul 20, 2008
Posts: 63
Hi Jeanne,

Thanks very much for replying but still I am facing the same problem,I am getting the values where I am expecting null values.i haven't gone for
any encoding of url and no jsession id gets appended in the address bar.
can you ive me the path where from I can clear session cookies,.I use IE as my browser

Thanks,
Abhisek
Jeanne Boyarsky
author & internet detective
Marshal

Joined: May 26, 2003
Posts: 30789
    
157

Originally posted by Dash Abhisek:
can you ive me the path where from I can clear session cookies,.I use IE as my browser

I don't use IE so I haven't tried this. However I see something that looks relevant.

Internet Options --> Privacy Tab --> Advanced - to get the settings box
Check override automatic cookie handling to enable options
Select block first party cookies
As long as "always allow session cookies" is unchecked, I think IE would block them.
Ankit Nagpal
Ranch Hand

Joined: Sep 09, 2008
Posts: 47

Hi Abhishek,

I did try this code on my system using IE8, I was able to replicate this problem but when I restarted the server, the code produced the desired result i.e it displayed null.

As far as I know, the enabling and disabling of cookies should not be dependent on the context. Any expert comments on this please?

Thanks.
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: session management doubt