aspose file tools*
The moose likes Servlets and the fly likes HttpSession in JSP Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "HttpSession in JSP" Watch "HttpSession in JSP" New topic
Author

HttpSession in JSP

fadi aboona
Ranch Hand

Joined: Apr 25, 2010
Posts: 71
Hi all, this is my first post.
Something i'm not understanding. I have two JSP pages, index.jsp that submits to servlet A and result.jsp that gets the (request, response) through RequestDispatcher from servlet A. In servlet A, i get a session from HttpSession and set its attribute with a user name parameter i get from index.jsp.

When i test above application with Internet Explorer cookies disabled by writing this simple line of code <%= session.getAttribute("username")%> in the result.jsp, the result.jsp page shows me the input from the index page? how so? shouldn't the output from the result.jsp page be null because cookies were disabled and i didn't use URL rewriting!!

Thanks.
sood rahul
Greenhorn

Joined: Jun 30, 2010
Posts: 3
I believe your code is not even dependent on the browser settings.
Unless you create a cookie object and write something to it and add it to the response object, you do not have to worry about whether cookies are enabled or disabled....seniors please correct me if I am missing some concept here..


Rahul Sood
fadi aboona
Ranch Hand

Joined: Apr 25, 2010
Posts: 71
sood rahul wrote:I believe your code is not even dependent on the browser settings.
Unless you create a cookie object and write something to it and add it to the response object, you do not have to worry about whether cookies are enabled or disabled....seniors please correct me if I am missing some concept here..


Hi,
I was experimenting with this yesterday and instead of forwarding the (request, response) to the JSP, I used the PrintWriter inside my servlet and the result.jsp showed null when i disabled cookies !? does it have to do with the container *tomcat*?
Ashish Arp
Greenhorn

Joined: Jul 21, 2010
Posts: 4
Hi fadi, first question - Are you using cookies for handling session ?
Lalit Mehra
Ranch Hand

Joined: Jun 08, 2010
Posts: 384

hi there,

just by using setAttirbute() you cannot say that you are working with cookies ...

when you work with cookies ... (they are used to maintain a session with the client) you need to explicitly add a cookie to the response stream

and yes you can access the attributes set using the setAttribute() on any other web app element (in this case your jsp) because they have nothing do with the client (in your scenario)


http://plainoldjavaobject.blogspot.in
Rahul Nair
Ranch Hand

Joined: Dec 01, 2007
Posts: 138

Hi,

I think using the cookie in your web application have nothing to do with using HttpSession for user session tracking.

HttpSession internally uses Cookie mechanism for implementation, so if you have disabled the cookie in browser then you have to use URL Rewriting. Except this i think there is no way we can use HttpSession in our application...

Ranchers please correct me i am wrong!

Thanks,

Rahul
fadi aboona
Ranch Hand

Joined: Apr 25, 2010
Posts: 71
Hi Ashish Arp,
I mentioned in my origianl post that i had IE cookies disabled. Thanks.

Hi Lalit Mehra,
Request.getSession() does all the cookie work for us, it puts jsessionid in the response header so client can send it back to server next time it makes the request. If cookies were disabled then we have to use URL rewriting.

Hi Rahul Nair,
you're right on the money.

On a different forum, someone suggested the following:
When you start an application inbuilt session is created which will expire in 30 min(default) or you need to explicitly invalidate the session.

Thanks all, i won't feel good until i get a solid answer.
Nilesh Miskin
Ranch Hand

Joined: Jun 17, 2010
Posts: 44
@Fadi,
It looks like an issue with Internet Explorer. I tried with Mozilla Firefox & it works just fine; telling me that the session is new for each request when I disable the cookies.


Nilesh Miskin
fadi aboona
Ranch Hand

Joined: Apr 25, 2010
Posts: 71
Nilesh Miskin wrote:@Fadi,
It looks like an issue with Internet Explorer. I tried with Mozilla Firefox & it works just fine; telling me that the session is new for each request when I disable the cookies.


Hi Nilesh,
Have you tried getting the value from the session.getAttribute("something") in a jsp page? even with cookies disabled and no URL rewriting you'll get the value you assigned in your servlet.

Thanks.
I will try Firefox tonight after work.
Rahul Nair
Ranch Hand

Joined: Dec 01, 2007
Posts: 138
fadi aboona wrote:

On a different forum, someone suggested the following:
When you start an application inbuilt session is created which will expire in 30 min(default) or you need to explicitly invalidate the session.

Thanks all, i won't feel good until i get a solid answer.


Yes... we can also mention the time out duration in either web.xml config file OR problematically by calling setMaxInactiveInterval method.
fadi aboona
Ranch Hand

Joined: Apr 25, 2010
Posts: 71
for those who are follwoing this and looking forward for an answer, i got this from another forum.

"Tolls"
You forward to the JSP, but you still haven't left the server. It's no different (frankly) to a method call. It doesn't go to the client so cookies and URL rewriting is irrelevant.
Lalit Mehra
Ranch Hand

Joined: Jun 08, 2010
Posts: 384

fadi aboona wrote:for those who are follwoing this and looking forward for an answer, i got this from another forum.

"Tolls"
You forward to the JSP, but you still haven't left the server. It's no different (frankly) to a method call. It doesn't go to the client so cookies and URL rewriting is irrelevant.


That is what i said ... when you don't leave the server ... there is no need create cookies ... as cookies are meant to establish session term connection with the client and not between the web app elements ...
Ram Narayan.M
Ranch Hand

Joined: Jul 11, 2010
Posts: 247

What the RequestDispatcher does is Server-side redirection... That is redirection from one web page to other web page is being done without the attention of Browser Client.

So if "result.jsp" alone is hit directly, then you will get null value since a new request is made for "result.jsp" in which Session id is not included to identify the corresponding session in the server and

Username attribute does not exist in the new Session...

or If you use sendRedirect instead of ReqDispatch, then it wont work...


SCJP 6 [SCJP - Old is Gold]
Hebert Coelho
Ranch Hand

Joined: Jul 14, 2010
Posts: 754

You do still at the same request.

Try doing this with 3 jps. Lets say, jsp1, jsp2 and jsp3.

Try, send something from jsp1 to jsp2. And then, try jsp2 from jsp3.

If you try to recover something from the session it will be a new session from 2 to 3. (Im saying this assuming your cookies are off).

[=


[uaiHebert.com] [Full WebApplication JSF EJB JPA JAAS with source code to download] One Table Per SubClass [Web/JSF]
 
I agree. Here's the link: http://aspose.com/file-tools
 
subject: HttpSession in JSP