aspose file tools*
The moose likes Servlets and the fly likes When is a HttpSession object created by the Web Container Big Moose Saloon
  Search | Java FAQ | Recent Topics | Flagged Topics | Hot Topics | Zero Replies
Register / Login
JavaRanch » Java Forums » Java » Servlets
Bookmark "When is a HttpSession object created by the Web Container" Watch "When is a HttpSession object created by the Web Container" New topic
Author

When is a HttpSession object created by the Web Container

Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
Hi guys.

When does an object of HttpSession created by the Web Container.

when we use
HttpSession hs = request.getSession(); // Line 1
System.out.println(hs.isNew()); // Line 2 -- Either true or false

In case a session is not yet created why the Line 2 is not returning a NullPointerException

Can any one explain what is happening in the above two lines??
olivier dutranoit
Ranch Hand

Joined: Aug 20, 2011
Posts: 81

request.getSession() will return the current session if it exists. If it doesn't exist, it will be created.

request.getSession(false) will return the current session if it exists. If it doesn't exist, it will NOT be created.

so, request.getSession() will allways return a session...so no nullpointer...
Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
Then how does hs.isNew() work
Bear Bibeault
Author and ninkuma
Marshal

Joined: Jan 10, 2002
Posts: 60997
    
  65

Have you read the documentation?


[Asking smart questions] [Bear's FrontMan] [About Bear] [Books by Bear]
Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
isNew

boolean isNew()
Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request.
Returns:
true if the server has created a session, but the client has not yet joined

When ever a request hits the server i suppose the session object is created and shared with the client.

what does the line "but the client has not yet joined" mean ??
Vigneswaran Marimuthu
Greenhorn

Joined: Aug 30, 2011
Posts: 24

Even i didnt get the same !!!


Regards,

Vigneswaran.M
Piyush Joshi
Ranch Hand

Joined: Jun 10, 2011
Posts: 207

assuming that the server uses only cookie-based sessions:

"client has not yet joined" means that the client has not yet sent a request with a JSESSIONID cookie value set. JSESSIOID cookie is the way client tells the container that it has joined the session represented by this session id.

When container gets a request but with no JSESSIONID cookie then container creates a new session when request.getSession() is called. therefore isNew() method returns true. But if JSESSIONID cookie is present in the request then request.getSession() returns the existing session represented by this session id, so isNew() will be false.


Piyush
Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31

@Piyush Joshi: Thank you for your explanation. However, i got some doubt regarding getSession() method which i stated below.

You mean to say only when request.getSession() is called, then only the HttpSession object is created.

when request.getSession(false) is called then what happens.
olivier dutranoit
Ranch Hand

Joined: Aug 20, 2011
Posts: 81

you should get a null...
and you should test on if(session == null) or something.

Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31

When does a session actually gets created.

is it created when the session.getSession() is called or it is already created when ever the web container gets the request
siddu banjapally
Greenhorn

Joined: Aug 16, 2011
Posts: 13


when request.getSession(false) is called then what happens.

getSession(boolean)

Gets the current valid session associated with this request, if create is false or, if necessary, creates a new session for the request, if create is true.


it may Helpful to you..
Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31

I doubt the creation of HttpSession object by the web container.

Is it created implicitly when the request hits the web container or do we have to explicitly invoke getSession(true) for the creation of the session object.
siddu banjapally
Greenhorn

Joined: Aug 16, 2011
Posts: 13

Web container created implicitly when the request hits the web container,Because the Web server does not identify our request very first time, so that it creates a session id and send it back to client along with response..

Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
Since the session object is created automatically by the web container.

The method call getSession(false) should never return a null value.

Is the statement above correct??
olivier dutranoit
Ranch Hand

Joined: Aug 20, 2011
Posts: 81

No,

here is very good explanation :

http://www.coderanch.com/t/535917/JSP/java/request-getSession-false



Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
Thankyou it's a good explanation.

Since the web server creates a session implicitly why would request.getSession(false) return null.

Paul Clapham
Bartender

Joined: Oct 14, 2005
Posts: 18541
    
    8

Okay, then let me post the next line of the API documentation. Which you should already have read, since you consider this to be an important topic. It says
If create is false and the request has no valid HttpSession, this method returns null.


That should answer your question; if you don't know what a "valid" session is then don't hesitate to assume it means whatever is necessary for this sentence to answer your question.
Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
As per API Documentation:
getSession:

public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this method returns null.

To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.

Parameters:
create - true to create a new session for this request if necessary; false to return null if there's no current session
Returns:
the HttpSession associated with this request or null if create is false and the request has no valid session


Please explain me:
1) What does " before the response is committed" mean ??
2) What does "no valid session" mean ??

Could any one quote an example which demonstrates request.getSession() giving Null.


---------------
Regards

Avinash
olivier dutranoit
Ranch Hand

Joined: Aug 20, 2011
Posts: 81

simple example : your request.getsession will return null, on a moment that your session is expired...on a half an hour of inactivity for example

then you can say something like

if session is null : send to login page...

Piyush Joshi
Ranch Hand

Joined: Jun 10, 2011
Posts: 207

Avinash Haridasu wrote:
1) What does " before the response is committed" mean ??
2) What does "no valid session" mean ??
Avinash

Committing the response means that the response has already been sent to the client (may be by calling OutputStream.flush() on the response ). Cookies are part of Response header and since JSESSIONID information is maintained in the cookie, container can not create a new session when response has gone because then container will not be able to write the response header containing cookie information.

"no valid session" means that session has expired either due to session-timeout or due to result of calling HttpSession.invalidate() method.

One more thing:

JSP pages have a page directive attribute session e.g. <%@ page session="true" %>. If session attribute is true(which is the default) then container will insert a call to pageContext.getSession() in the servlet code generated by translation of this JSP page. This will cause creation of HttpSession if session did not exist. Since "true" is the default value, then it can become confusing when you have a front jsp page for your application and then you are going to a servlet and calling getSession(false) method and expecting it to return null. But it will not because the front jsp page had already created the session.
So make this attribute false when you want to create a new session in your servlets.

Avinash Haridasu
Ranch Hand

Joined: Jul 12, 2011
Posts: 31
Thank you.

Good Explanation.

 
With a little knowledge, a cast iron skillet is non-stick and lasts a lifetime.
 
subject: When is a HttpSession object created by the Web Container