Win a copy of Mesos in Action this week in the Cloud/Virtualizaton forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Issue with the session object

 
sulabh kapoor
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Please see the following scenario that I am facing in Firefox/IE7 where the browsers provide the option of multiple tabs:
1) User opens two tabs of the same browser say Firefox.
2) User click on the url of the home page in the first tab and views the home page and does not provide any url in the second tab.
3) User does not do any action on that page and let that page remain idle for time-out to happen.
4) Time out happens and the user is redirected to the timeOut page.
5) User closes that tab and try to enter the home page url in the next tab of the same browser.
6) Null Pointer Exception happens.

* Here, the expected output was that User would have viewed the Home page.

What I can think of the probable reason for this issue is that the previous session object is still available though it has been set to null on timeout.
I guess even if we set the session to null, server does not flush that session object at that very moment and that session object becomes available for the next tab.

Please provide your inputs and the solution to this issue.

Thanks,
Sulabh
 
John Pradeep.v
Ranch Hand
Posts: 59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator


6) Null Pointer Exception happens.


Can you please elaborate the exception here? are you trying to get an object from session and use it to call methods on it? please update the stack trace here which will help understand the problem.

* Here, the expected output was that User would have viewed the Home page.

do you access objects placed in session while rendering the home page?

What I can think of the probable reason for this issue is that the previous session object is still available though it has been set to null on timeout.

How can you set session object to null? please update your code where you do that..

I guess even if we set the session to null, server does not flush that session object at that very moment and that session object becomes available for the next tab.

I dont understand how you can make the session to be null?



John
 
sulabh kapoor
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am invalidating the session object once it has timeOut by calling the function - httpSession.invalidate()

What actually expected from the browser is that it should close the page on which timeOut had occured but firefox is not doing so. Due to facility of opening multiple tabs, the second tab picks the invalidated session.
Please let me know if more inputs are required from my side
 
sulabh kapoor
Greenhorn
Posts: 16
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Q:Can you please elaborate the exception here? are you trying to get an object from session and use it to call methods on it? please update the stack trace here which will help understand the problem.
A: We are getting null pointer in the user object. This is occuring because upon timeout, application does the httpsession.invalidate() which removes everythign from the session object. Once this happen, as stated above the user tries to access the application url from the other tab in same browser window, request directly comes to Interceptor class where server gets null user object from the session. For you information, we are usign Spring framework for the whole application including MVC.

Q:do you access objects placed in session while rendering the home page?
A:yes, we have to since we have spring security framework in place which authenticates and authorizes the users who logs into the application. Later on also, we user the session to provide the user object at various layers of the application.

Q:How can you set session object to null? please update your code where you do that.. ?
A: we cannot share the code. but we have done httpsession.invalidate() upon timeout or ign-off links of the application to remove the session from the server.

Session is not null for the second request from the other tab. it just doesnot have any data left once timed out due to invalidate () method.

 
John Pradeep.v
Ranch Hand
Posts: 59
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sulabh kapoor wrote:
What actually expected from the browser is that it should close the page on which timeOut had occured but firefox is not doing so. Due to facility of opening multiple tabs, the second tab picks the invalidated session.


Hi Sulabh,
I got your problem now, when you open multiple tabs in the same browser it shares the session! As session is just a cookie value with session ID in it (not a persistent cookie though)
The way cookie works is it sends the cookie (session ID in our case) to the domain which you are accessing if the same domain created the cookie..
this is exactly is what happening in your case, since the browser is not closed any request you make with any tab will send the same session ID to the server which is resulting in using the invalidated session.

I don think there is any solution for this and i dont think we should handle this in any other way, the sign of an object being null indicates its invalidated, you are forced to create a new session.

John
 
Rob Spoor
Sheriff
Pie
Posts: 20529
54
Chrome Eclipse IDE Java Windows
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I notice that you have written this servlet yourself. Moving to our Servlet forum.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic