• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Jeanne Boyarsky
  • Ron McLeod
  • Paul Clapham
  • Liutauras Vilda
Sheriffs:
  • paul wheaton
  • Rob Spoor
  • Devaka Cooray
Saloon Keepers:
  • Stephan van Hulst
  • Tim Holloway
  • Carey Brown
  • Frits Walraven
  • Tim Moores
Bartenders:
  • Mikalai Zaikin

Correct way to use getSession() in actions?

 
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
My app contains about 15 actions. The URL to enter the app fires up a sort of startup action which initialises things, create's a session etc... before forwarding to the start jsp page i.e this line creates the session -

HttpSession session = request.getSession(true);

In my other actions I want to test for the existence of this session object so I call tell if things like the session's timed out or user tried to open app using a bookmark i.e trying to start the app not from the start action

Should I then in every other action do something like -

HttpSession session = request.getSession(false);

if(session==null)
{
//forward to start action
}

This will only return the session object if it exists & not auto create a new one but is this the way to do it?

Hopefully I've made some sense!

thanks

harry
 
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
That's exactly it!
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
thanks for replying to quickly Marc, doing this now in action -

HttpSession session = request.getSession(false);

if (session == null)
{
return (mapping.findForward(PRDConst.INVALID_ACCESS));
}

Rather than wait for a session timeout I just put the clock forward 1 day & clicked the link that fires up this action - strangely though the session returned is not null - so this ignores the test & fall over on next statements. isNew() == true, it seems to create a new session regardless!

Any ideas?

P.S using weblogic 8.1 sp3 on win 2000 & eclipse 3 is thats any use!

thanks

harry
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Well I can't make getSession() return null regardless of what/any parameters despite what the api doc's say to seems to always return a session object!

Found this on the request object though which appears (gulp! dare I say it) to do the trick perfectly -

e.g

if (!request.isRequestedSessionIdValid())
{
return (mapping.findForward(PRDConst.INVALID_ACCESS));
}
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
No, that getSession(false) should return null.

I think changing your clock may not have invalidated your session as you expected.

Try putting this in your web.xml:
<session-config>
<session-timeout>1</session-timeout>
</session-config>

This will make sessions invalid after a minute.

Another, less thorough test is to place
request.getSession().invalidate();
before you get to request.getSession(false) as this will at least test the functionality of navigating to the proper forward when the session is gone.
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
tried the 1 minute timeout & guess what? it still won't return null!

Is there anything wrong with using request.isRequestedSessionIdValid() as this seems to work perfectly? - after 60 sec's the session times out & isRequestedSessionIdValid() returns false
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
A Harry, I have the same problem. I can NEVER get request.getSession(false) to EVER return a null. I am running Tomcat, so I am assuming that Tomcat must be creating the session automatically.

I would appreciate if anyone could expand on this.

Thanks,
Chughead
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator


public HttpSession getSession(boolean create)

Returns the current HttpSession associated with this request or, if there is no current session and create is true, returns a new session.

If create is false and the request has no valid HttpSession, this method returns null.



If the session is not valid, you should get null.
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Spooky isn't it CH, I get exactly the same on weblogic 8.1 as on TC 5 - I've tried every permutation & I cannot under any circumstances get null!

isRequestedSessionIdValid() seems to do the job perfectly though - would appreciate any comments on this as came across it by accident & not sure if it's safe?

Interested to get to the bottom of this null problem though!
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
There's got to be more to your scenario, like you're using applets or something. I could make 1000 guesses but it wouldn't make a ton of sense.

If the other method works then it's fine. I would be nervous using it if the session is not returning null, but that's me.
[ August 13, 2004: Message edited by: Marc Peabody ]
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I'm not using anything fancy or out of the ordinary Marc - interesting CH gets the same - will take some time out later & try to get to the bottom of it - if I get anywhere I'll post it back here!

Thanks for you help!
 
tumbleweed and gunslinger
Posts: 192
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
If I'm not mistaken, handling of the session is via the browser as a cookie. So unless you are killing "all" of your browser windows and opening a new window or the session cookie in invalidated or you've restarted Tomcat, your session would still be valid no matter what.

The way I test such things is I have FireFox open and IE. I can open two completely different sessions, one in each browser, and test the scenario you talk about.

If you simply do a "new tab" in FF or Control+N in IE, this does NOT create a new session, but creates a new instance of IE using the same session as the parent window (or tab in FF).

To view under a new session, you have to open up a new instance of IE/FF from the shortcut and hit the same page.
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Session will use URL rewriting if cookies are not supported.

At any rate, when a client is inactive for the specified amount of time, the session is supposed to become invalid.

Something I just thought of that may help troubleshooting is to call isNew() on the session you are getting. This will let you know if the session is created during that request or not. If it returns true, you know you have a problem there. You could also call getId() at various places in code to verify that it keeps the same session and does not change.
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi Marc, it does return true despite calling as getSession(false) - any ideas why this might be? - this hs got me worried now!
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
ah ha! - found something on a messageboard & all is reveiled!

locale is true by default & as long as it is, struts will always create a session object - using this <controller locale="false"/> & it returns null! yippeee!

Don't need it anymore anyway but nice to get to the bottom of it - hope this helps others!
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
I assume isNew() would have returned true then.

<-- thinking about locale issue

I thought that the locale thingy only created a session during jsp creation. By your scenario, it seems like a new session gets created at the beginning of the submitted request. Learning something new every day!
 
Ranch Hand
Posts: 401
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
What does locale have to do with Session in that point of view?

I just don't get why locale=true would cause the session to be created automatically.
 
Ranch Hand
Posts: 32
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The best solution for session tracking is using Filters. Inside the filter, check whether the session is new or is timed out or valid and do the appropriate actions.
[ October 27, 2004: Message edited by: Sunil Manheri ]
 
Marc Peabody
pie sneak
Posts: 4727
Mac VI Editor Ruby
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Leandro,

I don't know the complete guts of WHY it does what it does.

All I know is when you want to avoid session, 3 things are needed:
1 set locale to false in struts-config
2 don't use html:html tag
3 put page session="false" in the jsp
 
A Harry
Ranch Hand
Posts: 124
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Sunil, be interested to hear how or see example you go about this using filters (not really familiar with them)

as I said previously using request.isRequestedSessionIdValid() seems to work fine
 
Did you miss me? Did you miss this tiny ad?
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com
reply
    Bookmark Topic Watch Topic
  • New Topic