wood burning stoves 2.0*
The moose likes Struts and the fly likes Session problem in Struts and Tomcat Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of OCA/OCP Java SE 7 Programmer I & II Study Guide this week in the OCPJP forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Session problem in Struts and Tomcat" Watch "Session problem in Struts and Tomcat" New topic
Author

Session problem in Struts and Tomcat

Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
Hi all,

In struts, I noticed that after session.invalidate() on my logout page still session is valid while checking from tomcat manager page.
I want to end session after calling invalidate() method.

Action:



please help.
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Ranveer K Kumar wrote:session is valid while checking from tomcat manager page.

Session can be invalidated by just invoking Session#invalidate() method and what you see in tomcat manager is not always the indication, tomcat may have other session to work upon.

If you really want to see whether the session is no longer there, then just access any variable placed in it. like:


[LEARNING bLOG] | [Freelance Web Designer] | [and "Rohan" is part of my surname]
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
Sagar Rohankar wrote:
Ranveer K Kumar wrote:session is valid while checking from tomcat manager page.

Session can be invalidated by just invoking Session#invalidate() method and what you see in tomcat manager is not always the indication, tomcat may have other session to work upon.

If you really want to see whether the session is no longer there, then just access any variable placed in it. like:



yes

user session is invalidated but session is still there
for example:
when I accessing same application from other browser then on tomcat manager session is increased to 2,
and after logout it should be 1 but showing 2 even after closing the browser. When open another browser it increase to 3 and same thing after logout, it not decreasing to 2 or 1 after logout (invalidate()).

Important things is that the same application writing in the jsp or servlet its work perfectly and removing session after calling invalidate method. when logout it removes the session and show session 0 in the tomcat manager page.

Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

The only reliable thing which tell you how many session gets created, destroyed is by implementing the HttpSessionListener class.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Sessions are created by JSP access unless you specify the JSP shouldn't create a session.
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
David Newton wrote:Sessions are created by JSP access unless you specify the JSP shouldn't create a session.


Dear sir,

will <%@ page session="false"> on jsp will work.

How to do this in better way? I have no idea about it.
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

David Newton wrote:Sessions are created by JSP access unless you specify the JSP shouldn't create a session.

Yeah, Initially I thought the same, but following two reasons discouraged me to ask:
1. The JSP page sessions may related to the user session.
2. The OP said the same example showing correct creation/destruction of session when he used JSP/Servlets.
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Ranveer K Kumar wrote:
David Newton wrote:Sessions are created by JSP access unless you specify the JSP shouldn't create a session.


Dear sir,

will <%@ page session="false"> on jsp will work.

of course work, provided you're not accessing/using 'session' variable on that page. :wink:
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64

Sagar Rohankar
David Newton

of course work, provided you're not accessing/using 'session' variable on that page. :wink:


Still not working...
after session.invalidate() still showing 1 session in session column in tomcat manager..
When I tried to do same thing from different browser then it increased to 2 (event after closing the browser).
here is my test code

JSP: loginJsp.jsp


Action class: TestAction.java



Logout.java



Now please tell me where I am wrong
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Ranveer K Kumar wrote:When I tried to do same thing from different browser then it increased to 2 (event after closing the browser).

window closing has no effect on session destruction.
Code looks fine to me, but can't tell the exact problem, you need to implement the SessionListner to find out who is creating/destroying the session.
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64

Code looks fine to me, but can't tell the exact problem, you need to implement the SessionListner to find out who is creating/destroying the session.


is there any other solution of this problem (it must be but I dont know) in struts. As I told earlier I am facing this problem in struts only; JSP/Servlet working fine...
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
Sagar Rohankar

you need to implement the SessionListner to find out who is creating/destroying the session.


Hi Sagar,
thanks for valuable suggestion to check by sessionListner.
after checking by HttpSessionListener implementation the following out put come:

Session id A3F9FE30BD917E7AA2DC411EB85E86BA (Checking session id on sessionDestroyed() for sessionListener)
invalidated... (from action class after session.invalidate() method)
Session Created: 37CD8E435DF99B5DE998A9B7CF28D2EA (but again calling sessionCreated() method when forwarding to the success page by actionForward method of struts.

Now I change return type to null on the action class of the struts from return mapping.findForward(SUCCESS);
and it now not creating session...

It means that when ActionForward forwarding page that time creating session...

Is there any solution to stop creating session by struts when user is invalidating session manually( such as Logout.java).
Sagar Rohankar
Ranch Hand

Joined: Feb 19, 2008
Posts: 2902
    
    1

Ranveer K Kumar wrote:
Session Created: 37CD8E435DF99B5DE998A9B7CF28D2EA (but again calling sessionCreated() method when forwarding to the success page by actionForward method of struts.

Now I change return type to null on the action class of the struts from return mapping.findForward(SUCCESS);
and it now not creating session...

It means that when ActionForward forwarding page that time creating session...

Please post the code for the action mapping (one from struts-config.xml) for the given action and the JSP page where you're forwarding the action.
Sean Clark
Rancher

Joined: Jul 15, 2009
Posts: 377

Hey,

So when you invalidate the session, do you then redirect to another page? Login page or something?
To my knowledge as soon as you hit any page a session is created on the server (unless you explicitly tell it not to), can I ask why you don't want there to be a session?

Sean


I love this place!
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
Sean Clark wrote:Hey,

So when you invalidate the session, do you then redirect to another page? Login page or something?
To my knowledge as soon as you hit any page a session is created on the server (unless you explicitly tell it not to), can I ask why you don't want there to be a session?

Sean


I want to remove session after user logout. Right now when user click on logout(session.invalidate()) session is inavalidate but again when forwarding to the success page session is created. This happen for every (user) when the hit the page. It means that unnecessary user session is created while user already logout. For example:
If 100 user is accessed the page and logout but 100 session is still there...

regards
Ankit Garg
Sheriff

Joined: Aug 03, 2008
Posts: 9307
    
  17

For that you'll need to set session="false" in your JSP. Also since those sessions don't have any attributes in them, they won't take too much resources...


SCJP 6 | SCWCD 5 | Javaranch SCJP FAQ | SCWCD Links
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
Ankit Garg wrote:For that you'll need to set session="false" in your JSP. Also since those sessions don't have any attributes in them, they won't take too much resources...


is there any other way to stop implicit session on jsp; centralize configuration (like web.xml ) or sessionListener

David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

It's not clear to me why you think having the session around is a big deal--it isn't.
Ranveer K Kumar
Ranch Hand

Joined: Sep 13, 2009
Posts: 64
David Newton wrote:It's not clear to me why you think having the session around is a big deal--it isn't.


I wanted to remove unnecessary session. What was happening, When user logout session invalidated but still session was available (due to actionForward forwarding page to the jsp and on jsp session again created). It means session was increasing by user hit. Which was useless.
David Newton
Author
Rancher

Joined: Sep 29, 2008
Posts: 12617

Meh: I think you're substantially over-estimating the impact of "useless" sessions.
 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: Session problem in Struts and Tomcat