doubt in session management in jsp

Dilip Mallik
Ranch Hand

Joined: Sep 19, 2008
Posts: 40
Hi All,

Actually I am drawing a parallelism between servlet session management and
JSP session management. In a servlet we write HttpSession session = req.getSession(); and if we generate a response and the client accepts cookies,
then the session id is passed on to the client and any subsequent request will
have that session id. Now, if we have to use that particular session
in some other servlet, we write HttpSession session = req.getSession();
In a servlet we have the option of keeping a request in the same session
or not. If we don't write HttpSession session = req.getSession(); that means
we want from this point the request to be out of the session we are using.


Now, my question is:
As the session object is by default available in every JSP, I was thinking
if we need to invalidate the session explicitly or write session="false" in the page directive if we don't want subsequent requests to be considered under a single session.

Another question is: in JSP we don't need to write HttpSession session = req.getSession(); Any response generated by a JSP will pass the cookie, hence the session id, to the client by default, as the session object is by default available.

Am I right?

Thanks in advance
Dilip
Ben Souther
Sheriff

Joined: Dec 11, 2004
Posts: 13410

Originally posted by Dilip Mallik:

In a servlet we have the option of keeping a request in the same session
or not. If we don't write HttpSession session = req.getSession(); that means
we want from this point the request to be out of the session we are using.


This isn't exactly right.
The first time you call getSession, the session object is created. The session won't be discontinued if a subsequent request fails to call getSession. If getSession is never called, the container won't instantiate the session object.
In other words, there is no way to 'discontinue' using a session.

The closest thing you could do is call HttpSession.invalidate() which will end that session, causing a new one to be created if, in a subsequent request, getSession is called again.



Now, my question is:
As the session object is by default available in every JSP, I was thinking
if we need to invalidate the session explicitly or write session="false" in the page directive if we don't want subsequent requests to be considered under a single session.


JSPs are compiled into servlet code by your container when they're first hit. By default, the generated code contains a call to getSession unless you add the session="false" directive to your JSP.

Adding session="false" to another JSP will not invalidate your session.
It will (just like with a servlet that never calls getSession) simply keep that JSP from causing the container to create a session.

If you want to invalidate a session, you would call session.invalidate().

Another question is: in JSP we don't need to write HttpSession session = req.getSession(); Any response generated by a JSP will pass the cookie, hence the session id, to the client by default, as the session object is by default available.


Correct.
As mentioned earlier, the generated servlet code will, by default, contain a call to getSession in order to supply the JSP with the implicit 'session' variable. That is, unless you add the session="false" directive.

Two things you might want to check out.
1.) The specs for both Servlets and JSP.
There are links to both in my signature.

2.) Your JSP's generated servlet code.
Depending on your container, you might need to alter the configuration in order to keep this around.
You don't with the Tomcat application server.
The generated servlet code will be under the tomcat/work/org/apache/jsp directory.
Try creating a small JSP, hitting it, and then viewing the generated servlet code. Then add the session="false" directive, hit it again, and compare the new servlet code to the old.


Java API J2EE API Servlet Spec JSP Spec How to ask a question... Simple Servlet Examples jsonf
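
The behaviour described in the answer above, as an added example that is not part of the original thread: one servlet whose three branches show that skipping getSession() does not end a session, that invalidate() does, and that getSession() creates one on first use. The class name SessionDemoServlet and the "action" request parameter are hypothetical; the code assumes the javax.servlet API (jakarta.servlet on newer containers).

```java
import java.io.IOException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Added example. SessionDemoServlet and the "action" parameter are hypothetical names.
public class SessionDemoServlet extends HttpServlet {
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String action = req.getParameter("action");
        String msg;

        if ("peek".equals(action)) {
            // getSession(false) never creates a session. Like a servlet that skips
            // getSession() or a JSP with session="false", this branch creates
            // nothing, yet a session started by an earlier request is still there.
            HttpSession existing = req.getSession(false);
            msg = (existing == null)
                    ? "no session exists for this client"
                    : "session still alive, hits=" + existing.getAttribute("hits");
        } else if ("logout".equals(action)) {
            // invalidate() ends the session explicitly; look it up with
            // getSession(false) so that logging out never creates a session.
            HttpSession existing = req.getSession(false);
            if (existing != null) {
                existing.invalidate();
            }
            msg = "session invalidated; the next getSession() call creates a new one";
        } else {
            // getSession() creates the session on first use; the container then
            // sends the session id cookie with this response.
            HttpSession session = req.getSession();
            Integer hits = (Integer) session.getAttribute("hits");
            hits = (hits == null) ? 1 : hits + 1;
            session.setAttribute("hits", hits);
            msg = (session.isNew() ? "new" : "existing") + " session, hits=" + hits;
        }

        // Write only after all session work, so the cookie can still be set.
        resp.setContentType("text/plain");
        resp.getWriter().println(msg);
    }
}
```

Requesting the default branch twice, then action=peek, then action=logout, then action=peek again shows the hit counter surviving the request that never called getSession() and disappearing only after invalidate().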
 
 