1.User logs into an application and the servlet involved puts some data in HttpSession.
2.User logs out and again logs in using same browser window.
3.A call to HttpSession session = request.getSession(true); will return old session or new session if old session is not timed out yet?
Is session.invalidate() called? Then a session will be created, as the old one was destroyed.
If you mean the user surfed to another page and then returns, the old session should still be alive and valid and should be reused (depending on how session tracking is done .. cookies or url rewriting, ...)
SCEA5, Certified ScrumMaster
Joined: May 06, 2005
Thanks for your replies.
session.invalidate(); was not called when user logged out.
So i think old session will be used if he logs in again with the same browser.
Also if he uses another browser to log in again then it will be a new session?
well if you have not called invalidate, then the old session will be used normally (i.e. if cookies are enabled or if disabled, all the URLs are encoded with session id)
ajse roy wrote:Also if he uses another browser to log in again then it will be a new session?
well if the user uses the same browser's new windows i.e. for example he/she uses two windows of IE 7, then I think the same session will be used as the cookies will be common. But for different browsers i.e. for example one window of IE and one of Fire Fox, then different sessions will be used...
Yes if the session is not invalidated then the same session id is used if you send a request from the same window but if you login from a new window a new seesion id is created thus creating a new session.
To be a winner first you need to be a begineer.