Win a copy of Think Java: How to Think Like a Computer Scientist this week in the Java in General forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session problem in Struts and Tomcat

 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all,

In struts, I noticed that after session.invalidate() on my logout page still session is valid while checking from tomcat manager page.
I want to end session after calling invalidate() method.

Action:



please help.
 
Sagar Rohankar
Ranch Hand
Posts: 2907
1
Java Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ranveer K Kumar wrote:session is valid while checking from tomcat manager page.

Session can be invalidated by just invoking Session#invalidate() method and what you see in tomcat manager is not always the indication, tomcat may have other session to work upon.

If you really want to see whether the session is no longer there, then just access any variable placed in it. like:

 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sagar Rohankar wrote:
Ranveer K Kumar wrote:session is valid while checking from tomcat manager page.

Session can be invalidated by just invoking Session#invalidate() method and what you see in tomcat manager is not always the indication, tomcat may have other session to work upon.

If you really want to see whether the session is no longer there, then just access any variable placed in it. like:



yes

user session is invalidated but session is still there
for example:
when I accessing same application from other browser then on tomcat manager session is increased to 2,
and after logout it should be 1 but showing 2 even after closing the browser. When open another browser it increase to 3 and same thing after logout, it not decreasing to 2 or 1 after logout (invalidate()).

Important things is that the same application writing in the jsp or servlet its work perfectly and removing session after calling invalidate method. when logout it removes the session and show session 0 in the tomcat manager page.

 
Sagar Rohankar
Ranch Hand
Posts: 2907
1
Java Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
The only reliable thing which tell you how many session gets created, destroyed is by implementing the HttpSessionListener class.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sessions are created by JSP access unless you specify the JSP shouldn't create a session.
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David Newton wrote:Sessions are created by JSP access unless you specify the JSP shouldn't create a session.


Dear sir,

will <%@ page session="false"> on jsp will work.

How to do this in better way? I have no idea about it.
 
Sagar Rohankar
Ranch Hand
Posts: 2907
1
Java Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David Newton wrote:Sessions are created by JSP access unless you specify the JSP shouldn't create a session.

Yeah, Initially I thought the same, but following two reasons discouraged me to ask:
1. The JSP page sessions may related to the user session.
2. The OP said the same example showing correct creation/destruction of session when he used JSP/Servlets.
 
Sagar Rohankar
Ranch Hand
Posts: 2907
1
Java Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ranveer K Kumar wrote:
David Newton wrote:Sessions are created by JSP access unless you specify the JSP shouldn't create a session.


Dear sir,

will <%@ page session="false"> on jsp will work.

of course work, provided you're not accessing/using 'session' variable on that page. :wink:
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Sagar Rohankar
David Newton

of course work, provided you're not accessing/using 'session' variable on that page. :wink:


Still not working...
after session.invalidate() still showing 1 session in session column in tomcat manager..
When I tried to do same thing from different browser then it increased to 2 (event after closing the browser).
here is my test code

JSP: loginJsp.jsp


Action class: TestAction.java



Logout.java



Now please tell me where I am wrong
 
Sagar Rohankar
Ranch Hand
Posts: 2907
1
Java Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ranveer K Kumar wrote:When I tried to do same thing from different browser then it increased to 2 (event after closing the browser).

window closing has no effect on session destruction.
Code looks fine to me, but can't tell the exact problem, you need to implement the SessionListner to find out who is creating/destroying the session.
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Code looks fine to me, but can't tell the exact problem, you need to implement the SessionListner to find out who is creating/destroying the session.


is there any other solution of this problem (it must be but I dont know) in struts. As I told earlier I am facing this problem in struts only; JSP/Servlet working fine...
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sagar Rohankar

you need to implement the SessionListner to find out who is creating/destroying the session.


Hi Sagar,
thanks for valuable suggestion to check by sessionListner.
after checking by HttpSessionListener implementation the following out put come:

Session id A3F9FE30BD917E7AA2DC411EB85E86BA (Checking session id on sessionDestroyed() for sessionListener)
invalidated... (from action class after session.invalidate() method)
Session Created: 37CD8E435DF99B5DE998A9B7CF28D2EA (but again calling sessionCreated() method when forwarding to the success page by actionForward method of struts.

Now I change return type to null on the action class of the struts from return mapping.findForward(SUCCESS);
and it now not creating session...

It means that when ActionForward forwarding page that time creating session...

Is there any solution to stop creating session by struts when user is invalidating session manually( such as Logout.java).
 
Sagar Rohankar
Ranch Hand
Posts: 2907
1
Java Spring Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ranveer K Kumar wrote:
Session Created: 37CD8E435DF99B5DE998A9B7CF28D2EA (but again calling sessionCreated() method when forwarding to the success page by actionForward method of struts.

Now I change return type to null on the action class of the struts from return mapping.findForward(SUCCESS);
and it now not creating session...

It means that when ActionForward forwarding page that time creating session...

Please post the code for the action mapping (one from struts-config.xml) for the given action and the JSP page where you're forwarding the action.
 
Sean Clark
Rancher
Posts: 377
Android Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hey,

So when you invalidate the session, do you then redirect to another page? Login page or something?
To my knowledge as soon as you hit any page a session is created on the server (unless you explicitly tell it not to), can I ask why you don't want there to be a session?

Sean
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Sean Clark wrote:Hey,

So when you invalidate the session, do you then redirect to another page? Login page or something?
To my knowledge as soon as you hit any page a session is created on the server (unless you explicitly tell it not to), can I ask why you don't want there to be a session?

Sean


I want to remove session after user logout. Right now when user click on logout(session.invalidate()) session is inavalidate but again when forwarding to the success page session is created. This happen for every (user) when the hit the page. It means that unnecessary user session is created while user already logout. For example:
If 100 user is accessed the page and logout but 100 session is still there...

regards
 
Ankit Garg
Sheriff
Posts: 9519
22
Android Google Web Toolkit Hibernate IntelliJ IDE Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
For that you'll need to set session="false" in your JSP. Also since those sessions don't have any attributes in them, they won't take too much resources...
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Ankit Garg wrote:For that you'll need to set session="false" in your JSP. Also since those sessions don't have any attributes in them, they won't take too much resources...


is there any other way to stop implicit session on jsp; centralize configuration (like web.xml ) or sessionListener

 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It's not clear to me why you think having the session around is a big deal--it isn't.
 
Ranveer K Kumar
Ranch Hand
Posts: 64
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David Newton wrote:It's not clear to me why you think having the session around is a big deal--it isn't.


I wanted to remove unnecessary session. What was happening, When user logout session invalidated but still session was available (due to actionForward forwarding page to the jsp and on jsp session again created). It means session was increasing by user hit. Which was useless.
 
David Newton
Author
Rancher
Posts: 12617
IntelliJ IDE Ruby
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Meh: I think you're substantially over-estimating the impact of "useless" sessions.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic