File APIs for Java Developers
Manipulate DOC, XLS, PPT, PDF and many others from your application.
http://aspose.com/file-tools
The moose likes Servlets and the fly likes Issue with the session object Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "Issue with the session object" Watch "Issue with the session object" New topic
Author

Issue with the session object

sulabh kapoor
Greenhorn

Joined: Oct 10, 2009
Posts: 16
Please see the following scenario that I am facing in Firefox/IE7 where the browsers provide the option of multiple tabs:
1) User opens two tabs of the same browser say Firefox.
2) User click on the url of the home page in the first tab and views the home page and does not provide any url in the second tab.
3) User does not do any action on that page and let that page remain idle for time-out to happen.
4) Time out happens and the user is redirected to the timeOut page.
5) User closes that tab and try to enter the home page url in the next tab of the same browser.
6) Null Pointer Exception happens.

* Here, the expected output was that User would have viewed the Home page.

What I can think of the probable reason for this issue is that the previous session object is still available though it has been set to null on timeout.
I guess even if we set the session to null, server does not flush that session object at that very moment and that session object becomes available for the next tab.

Please provide your inputs and the solution to this issue.

Thanks,
Sulabh
John Pradeep.v
Ranch Hand

Joined: Jul 21, 2008
Posts: 59


6) Null Pointer Exception happens.


Can you please elaborate the exception here? are you trying to get an object from session and use it to call methods on it? please update the stack trace here which will help understand the problem.

* Here, the expected output was that User would have viewed the Home page.

do you access objects placed in session while rendering the home page?

What I can think of the probable reason for this issue is that the previous session object is still available though it has been set to null on timeout.

How can you set session object to null? please update your code where you do that..

I guess even if we set the session to null, server does not flush that session object at that very moment and that session object becomes available for the next tab.

I dont understand how you can make the session to be null?



John
sulabh kapoor
Greenhorn

Joined: Oct 10, 2009
Posts: 16
I am invalidating the session object once it has timeOut by calling the function - httpSession.invalidate()

What actually expected from the browser is that it should close the page on which timeOut had occured but firefox is not doing so. Due to facility of opening multiple tabs, the second tab picks the invalidated session.
Please let me know if more inputs are required from my side
sulabh kapoor
Greenhorn

Joined: Oct 10, 2009
Posts: 16
Q:Can you please elaborate the exception here? are you trying to get an object from session and use it to call methods on it? please update the stack trace here which will help understand the problem.
A: We are getting null pointer in the user object. This is occuring because upon timeout, application does the httpsession.invalidate() which removes everythign from the session object. Once this happen, as stated above the user tries to access the application url from the other tab in same browser window, request directly comes to Interceptor class where server gets null user object from the session. For you information, we are usign Spring framework for the whole application including MVC.

Q:do you access objects placed in session while rendering the home page?
A:yes, we have to since we have spring security framework in place which authenticates and authorizes the users who logs into the application. Later on also, we user the session to provide the user object at various layers of the application.

Q:How can you set session object to null? please update your code where you do that.. ?
A: we cannot share the code. but we have done httpsession.invalidate() upon timeout or ign-off links of the application to remove the session from the server.

Session is not null for the second request from the other tab. it just doesnot have any data left once timed out due to invalidate () method.

John Pradeep.v
Ranch Hand

Joined: Jul 21, 2008
Posts: 59
sulabh kapoor wrote:
What actually expected from the browser is that it should close the page on which timeOut had occured but firefox is not doing so. Due to facility of opening multiple tabs, the second tab picks the invalidated session.


Hi Sulabh,
I got your problem now, when you open multiple tabs in the same browser it shares the session! As session is just a cookie value with session ID in it (not a persistent cookie though)
The way cookie works is it sends the cookie (session ID in our case) to the domain which you are accessing if the same domain created the cookie..
this is exactly is what happening in your case, since the browser is not closed any request you make with any tab will send the same session ID to the server which is resulting in using the invalidated session.

I don think there is any solution for this and i dont think we should handle this in any other way, the sign of an object being null indicates its invalidated, you are forced to create a new session.

John
Rob Spoor
Sheriff

Joined: Oct 27, 2005
Posts: 19790
    
  20

I notice that you have written this servlet yourself. Moving to our Servlet forum.


SCJP 1.4 - SCJP 6 - SCWCD 5 - OCEEJBD 6
How To Ask Questions How To Answer Questions
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Issue with the session object