File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
The moose likes Servlets and the fly likes session problem Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "session problem" Watch "session problem" New topic

session problem

ajse ruku
Ranch Hand

Joined: May 06, 2005
Posts: 196

I want to know that if a

1.User logs into an application and the servlet involved puts some data in HttpSession.
2.User logs out and again logs in using same browser window.
3.A call to HttpSession session = request.getSession(true); will return old session or new session if old session is not timed out yet?

Paul Sturrock

Joined: Apr 14, 2004
Posts: 10336

If the user has logged out the session should have been invalidated (it doesn't need to time out in this instance), so you should get a new session.

JavaRanch FAQ HowToAskQuestionsOnJavaRanch
Uli Hofstoetter
Ranch Hand

Joined: Nov 24, 2006
Posts: 57
Depends on what is meant by "user logs out".

Is session.invalidate() called? Then a session will be created, as the old one was destroyed.

If you mean the user surfed to another page and then returns, the old session should still be alive and valid and should be reused (depending on how session tracking is done .. cookies or url rewriting, ...)


SCEA5, Certified ScrumMaster
ajse ruku
Ranch Hand

Joined: May 06, 2005
Posts: 196
Thanks for your replies.

session.invalidate(); was not called when user logged out.
So i think old session will be used if he logs in again with the same browser.

Also if he uses another browser to log in again then it will be a new session?

Ankit Garg

Joined: Aug 03, 2008
Posts: 9462

well if you have not called invalidate, then the old session will be used normally (i.e. if cookies are enabled or if disabled, all the URLs are encoded with session id)

ajse roy wrote:Also if he uses another browser to log in again then it will be a new session?

well if the user uses the same browser's new windows i.e. for example he/she uses two windows of IE 7, then I think the same session will be used as the cookies will be common. But for different browsers i.e. for example one window of IE and one of Fire Fox, then different sessions will be used...

SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Rajat Raina

Joined: Feb 17, 2009
Posts: 10
Yes if the session is not invalidated then the same session id is used if you send a request from the same window but if you login from a new window a new seesion id is created thus creating a new session.

To be a winner first you need to be a begineer.
Raina Rajat
SCWCD (95%)
I agree. Here's the link:
subject: session problem
It's not a secret anymore!