getting different session ids from jsp to servlet

 
Ranch Hand
Posts: 129
Hello all!
I have a JSP in my webapps/jsp directory of Tomcat 5.5. I am creating an HttpSession object in my JSP along with HTML content. The form's action is performed to a servlet which is in my webapps/myapp/classes directory, but that servlet is not able to get the same session ID from the JSP.

Can you please tell me how a session can be maintained from a JSP to a servlet in a different directory?

Thanks
 
Ranch Hand
Posts: 213
The session created is accessible to the servlet without any restriction. The session object, which is implicit in a JSP, could be accessed in a servlet by request.getSession(). Both of these session objects are the same for a single browser client, and hence the session ID is too.
 
vishwas bhatt
Ranch Hand
Posts: 129
Hello!

I know there are no such restrictions for a session to be maintained between JSPs and servlets, but I am still getting different session IDs.

In my JSP I am just doing
<%
System.out.println(session.getId());
%>

And in my servlet I am doing
HttpSession session=req.getSession();
System.out.println(session.getId());

and I am getting different IDs.
And this is all happening in the same browser window.

Thanks for your prompt reply.
Hoping for the same.
 
Sarath Mohan
Ranch Hand
Posts: 213
OK. I am getting the same ID in JSPs and servlets for a single session.

I use Tomcat 5.5.7.
 
vishwas bhatt
Ranch Hand
Posts: 129
Hi!
So what do you think is the problem in my case?
I have tried so many things, but it is still giving me the same problem.

Thanks
 
Greenhorn
Posts: 1
I'm making a web app, inside which I have a count.jsp page where I am printing the getId return value. When I disabled the cookies, the value was different, but when I enable the cookies setting then it's the same 🙄
 
Saloon Keeper
Posts: 28325
Welcome to the Ranch, Chitra!

You probably should have started a new thread for your question, since the original question/answers are 17 years old. And actually, they deal with something different, though it might not be apparent to you.

HTTP(S) is a stateless protocol. That is, unlike old-time time-sharing computer services, a web client doesn't simply "dial in" to a web site, do stuff and then "hang up". Instead each HTTP request comes in as a separate self-contained connection which only lasts until the response to that request has been generated and sent back to the client. The next request has to connect all over again. And so forth.

Because of this, the web application cannot tell which of several concurrent web application clients is which by looking at connection IDs, since there are no ongoing connection IDs. Nor can the application use the source IP address. Every web client on my network appears to be located at 96.90.14.153 to a remote server, because I use Network Address Translation (NAT) to avoid having to rent multiple IP addresses from my ISP (besides, the world ran out of spare IP addresses years ago).

The solution to that problem is to pass a token back and forth between client and server that identifies that particular client to the server. If you are using HttpSessions (session-scope objects and/or container logins), then the token is a randomly-generated value known as "jsessionid". The jsessionid value is simply a key to a lock and has no inherent meaning itself. All of the HttpSessions active for a web application are stored in a Map internal to the webapp server, and the jsessionid is nothing more than a key into that Map. So when a request with a jsessionid attached comes in, the server knows to retrieve that jsessionid's HttpSession object and make it available to the webapp application code.

Now here is where Vishwas got into trouble 17 years ago. The jsessionid value is not constant! It is, as I said, a key. That key only has to match the map for the current request. And the server can change the value of that key at any time!

Why would it do this? One reason would be if you switched from HTTP to HTTPS transport. For example, if you'd logged in instead of just being a visitor. If a network snooper had grabbed the jsessionid value, they could pretend to be that logged-in user. But since the jsessionid has been changed by the server when you logged in, the old jsessionid can no longer find the HttpSession. For this reason, neither client nor webapp should ever attempt to cache or otherwise use a jsessionid.

OK, so now you know what a jsessionid is. Here's the part that's specific to you. The jsessionid is transmitted as a key/value pair, where the key name is always "jsessionid". If you're using cookies, that means that you can have a cookie whose name (key) is jsessionid and that's it. In fact, if the client is using a smart HTTPClient library, the cookie is received and re-sent automatically and your client doesn't have to code anything.

But if cookies are disabled…!!!

Well, that means we don't have a place to put the jsessionid. Or do we?

In practice, there's a process called "URL Rewriting" that can be done when a web application sends back a URL as a hyperlink or form submit URL (action) to carry the jsessionid. It simply appends the string ";jsessionid=xxxxxxx" to the link that you rewrite. Armed with that, the webapp server can maintain a session without using cookies.

The URL with appended session ID is more fragile than using cookies. But sometimes you simply can't use cookies. So this gives the same general effect.
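
Added example, not part of the thread or of any poster's code: a servlet showing the two mechanisms described in the last answer, URL rewriting through `encodeURL()` and the server changing the jsessionid at login through `changeSessionId()`. The class name `SessionDemoServlet`, the path `/session-demo` and the `visits` attribute are hypothetical, and a Servlet 3.1+ container (Tomcat 8 or later) is assumed.

```java
import java.io.IOException;
import java.io.PrintWriter;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet. Assumes Servlet 3.1+ with javax.servlet (Tomcat 8/9);
// on Tomcat 10+ the same classes live in jakarta.servlet.
@WebServlet("/session-demo")
public class SessionDemoServlet extends HttpServlet {

    // GET: report how the session token reached the server, without printing it.
    @Override
    protected void doGet(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession();   // looks up the Map entry, or creates one
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("session created by this request: " + session.isNew());
        out.println("token arrived in a cookie:       " + req.isRequestedSessionIdFromCookie());
        out.println("token arrived in the URL:        " + req.isRequestedSessionIdFromURL());
        // URL rewriting: encodeURL() appends ;jsessionid=... when the token did not
        // arrive in a cookie and URL tracking is enabled; otherwise it returns the
        // URL unchanged. Links and form actions must pass through it to keep the session.
        out.println("link for the next request:       "
                + resp.encodeURL(req.getContextPath() + "/session-demo"));
    }

    // POST: stands in for the moment right after a successful login
    // (the credential check itself is omitted here).
    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp) throws IOException {
        HttpSession session = req.getSession();
        session.setAttribute("visits", 1);            // constructed sample attribute
        String oldId = session.getId();
        String newId = req.changeSessionId();         // new key, same HttpSession object
        resp.setContentType("text/plain;charset=UTF-8");
        PrintWriter out = resp.getWriter();
        out.println("id changed:          " + !oldId.equals(newId));
        out.println("attributes survived: " + (session.getAttribute("visits") != null));
        // A request that still presents oldId no longer finds this session, so a
        // token captured before login is useless afterwards. The ids are compared
        // but never logged or echoed, since whoever holds one can use the session.
        out.println("continue at:         "
                + resp.encodeURL(req.getContextPath() + "/session-demo"));
    }
}
```

With cookies disabled every response carries the `;jsessionid=` suffix; with cookies enabled it appears only on the first response, before the browser has sent the cookie back.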
 