This week's book giveaways are in the Java EE and JavaScript forums.
We're giving away four copies each of The Java EE 7 Tutorial Volume 1 or Volume 2(winners choice) and jQuery UI in Action and have the authors on-line!
See this thread and this one for details.
The moose likes Struts and the fly likes Correct way to use getSession() in actions? Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login


Win a copy of The Java EE 7 Tutorial Volume 1 or Volume 2 this week in the Java EE forum
or jQuery UI in Action in the JavaScript forum!
JavaRanch » Java Forums » Frameworks » Struts
Bookmark "Correct way to use getSession() in actions?" Watch "Correct way to use getSession() in actions?" New topic
Author

Correct way to use getSession() in actions?

A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
My app contains about 15 actions. The URL to enter the app fires up a sort of startup action which initialises things, create's a session etc... before forwarding to the start jsp page i.e this line creates the session -

HttpSession session = request.getSession(true);

In my other actions I want to test for the existence of this session object so I call tell if things like the session's timed out or user tried to open app using a bookmark i.e trying to start the app not from the start action

Should I then in every other action do something like -

HttpSession session = request.getSession(false);

if(session==null)
{
//forward to start action
}

This will only return the session object if it exists & not auto create a new one but is this the way to do it?

Hopefully I've made some sense!

thanks

harry
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

That's exactly it!


A good workman is known by his tools.
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
thanks for replying to quickly Marc, doing this now in action -

HttpSession session = request.getSession(false);

if (session == null)
{
return (mapping.findForward(PRDConst.INVALID_ACCESS));
}

Rather than wait for a session timeout I just put the clock forward 1 day & clicked the link that fires up this action - strangely though the session returned is not null - so this ignores the test & fall over on next statements. isNew() == true, it seems to create a new session regardless!

Any ideas?

P.S using weblogic 8.1 sp3 on win 2000 & eclipse 3 is thats any use!

thanks

harry
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
Well I can't make getSession() return null regardless of what/any parameters despite what the api doc's say to seems to always return a session object!

Found this on the request object though which appears (gulp! dare I say it) to do the trick perfectly -

e.g

if (!request.isRequestedSessionIdValid())
{
return (mapping.findForward(PRDConst.INVALID_ACCESS));
}
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

No, that getSession(false) should return null.

I think changing your clock may not have invalidated your session as you expected.

Try putting this in your web.xml:
<session-config>
<session-timeout>1</session-timeout>
</session-config>

This will make sessions invalid after a minute.

Another, less thorough test is to place
request.getSession().invalidate();
before you get to request.getSession(false) as this will at least test the functionality of navigating to the proper forward when the session is gone.
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
tried the 1 minute timeout & guess what? it still won't return null!

Is there anything wrong with using request.isRequestedSessionIdValid() as this seems to work perfectly? - after 60 sec's the session times out & isRequestedSessionIdValid() returns false
Mark Jones
Greenhorn

Joined: Apr 30, 2004
Posts: 4
A Harry, I have the same problem. I can NEVER get request.getSession(false) to EVER return a null. I am running Tomcat, so I am assuming that Tomcat must be creating the session automatically.

I would appreciate if anyone could expand on this.

Thanks,
Chughead
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727


public HttpSession getSession(boolean create)

Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.

If create is false and the request has no valid HttpSession, this method returns null.


If the session is not valid, you should get null.
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
Spooky isn't it CH, I get exactly the same on weblogic 8.1 as on TC 5 - I've tried every permutation & I cannot under any circumstances get null!

isRequestedSessionIdValid() seems to do the job perfectly though - would appreciate any comments on this as came across it by accident & not sure if it's safe?

Interested to get to the bottom of this null problem though!
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

There's got to be more to your scenario, like you're using applets or something. I could make 1000 guesses but it wouldn't make a ton of sense.

If the other method works then it's fine. I would be nervous using it if the session is not returning null, but that's me.
[ August 13, 2004: Message edited by: Marc Peabody ]
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
I'm not using anything fancy or out of the ordinary Marc - interesting CH gets the same - will take some time out later & try to get to the bottom of it - if I get anywhere I'll post it back here!

Thanks for you help!
David Yutzy
tumbleweed and gunslinger
Ranch Hand

Joined: Jun 29, 2001
Posts: 192
If I'm not mistaken, handling of the session is via the browser as a cookie. So unless you are killing "all" of your browser windows and opening a new window or the session cookie in invalidated or you've restarted Tomcat, your session would still be valid no matter what.

The way I test such things is I have FireFox open and IE. I can open two completely different sessions, one in each browser, and test the scenario you talk about.

If you simply do a "new tab" in FF or Control+N in IE, this does NOT create a new session, but creates a new instance of IE using the same session as the parent window (or tab in FF).

To view under a new session, you have to open up a new instance of IE/FF from the shortcut and hit the same page.
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Session will use URL rewriting if cookies are not supported.

At any rate, when a client is inactive for the specified amount of time, the session is supposed to become invalid.

Something I just thought of that may help troubleshooting is to call isNew() on the session you are getting. This will let you know if the session is created during that request or not. If it returns true, you know you have a problem there. You could also call getId() at various places in code to verify that it keeps the same session and does not change.
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
Hi Marc, it does return true despite calling as getSession(false) - any ideas why this might be? - this hs got me worried now!
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
ah ha! - found something on a messageboard & all is reveiled!

locale is true by default & as long as it is, struts will always create a session object - using this <controller locale="false"/> & it returns null! yippeee!

Don't need it anymore anyway but nice to get to the bottom of it - hope this helps others!
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

I assume isNew() would have returned true then.

<-- thinking about locale issue

I thought that the locale thingy only created a session during jsp creation. By your scenario, it seems like a new session gets created at the beginning of the submitted request. Learning something new every day!
Leandro Melo
Ranch Hand

Joined: Mar 27, 2004
Posts: 401
What does locale have to do with Session in that point of view?

I just don't get why locale=true would cause the session to be created automatically.


Leandro Melo
SCJP 1.4, SCWCD 1.4
Sunil Manheri
Ranch Hand

Joined: Jul 07, 2004
Posts: 32
The best solution for session tracking is using Filters. Inside the filter, check whether the session is new or is timed out or valid and do the appropriate actions.
[ October 27, 2004: Message edited by: Sunil Manheri ]

TechMindViews - Technical Notes
Marc Peabody
pie sneak
Sheriff

Joined: Feb 05, 2003
Posts: 4727

Leandro,

I don't know the complete guts of WHY it does what it does.

All I know is when you want to avoid session, 3 things are needed:
1 set locale to false in struts-config
2 don't use html:html tag
3 put page session="false" in the jsp
A Harry
Ranch Hand

Joined: Jan 23, 2002
Posts: 124
Sunil, be interested to hear how or see example you go about this using filters (not really familiar with them)

as I said previously using request.isRequestedSessionIdValid() seems to work fine
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: Correct way to use getSession() in actions?