session.isNew() gives true after request.getSession(false)

session.isNew() gives true after request.getSession(false);


As per my understanding request.getSession(false) will return an existing session if it exists, else return null.

So, session.isNew() can either give me false, or a NullPointerException.

But to my surprirse, it was giving me a true result.

I am using eclipse and the above thing is observed while debugging.

Does anybody has a clue as to what might be going wrong.

Yogesh, as per the API documentation, if the isNew() method returns true it means that the client has not yet joined the session (e.g. if cookies are disabled). Therefore, it doesn't mean that the session has just been created.

what is meant by client has not joined the session.


well we were able to find the fix.

we were using eclipse along with weblogic.

we changed a tag called as url-rewriting in weblogic.xml to true.

Actually the session id was getting changed between action classes.

after making the above setting, it worked.

In other words, the client was not providing the session identifier in requests (e.g. by blocking cookies). URL rewriting allows a session to be tracked even if cookies cannot be used, by adding a session identifier to URLs used by the client. So, by enabling URL rewriting you have enabled session tracking. I hope this makes it easier for you to understand.

Thanks venessa for the explanation...

but i am sure that cookies were nt disabled in our browser.

i understand that enabling the url rewriting made session id move to and fro between requests, but as far as i remember cookies were enabled in my browser settings.

Second thing, i read the documentation, it says that request.getSession(false) will return a session if it exists, otherwise it will return a null. so i think i do not agree fully to what you said above that it will not return null even if a session does not already exists.

can you please post the documentation here so that others can also be benefitted.

Yogesh, I have absolutely no idea what makes you think that I said that that request.getSession(false) will not return null even if a session does not already exist. Where did I say that??

you said that isnew will return true if client has not joined the session.

my say is that either it can give false or a null pointer, but never true

You are confusing two completely different methods. The boolean isNew() method and the HttpSession getSession(boolean create) methods are two different methods in two different interfaces.

As quoted from the API documentation, the isNew() method in the HttpSession interface:

Returns: true if the server has created a session, but the client has not yet joined

And the getSession(boolean create) method in the HttpServletRequest interface:

Returns: the HttpSession associated with this request or null if create is false and the request has no valid session

Is it clearer for you now?

Thanks Venessa again for your help.

Yeah Now I am able to understand.

The session.isNew() will return true even if the session is not created from request.getSession(false);
if the response has never been sent to the client.
I mean this is the first request that came to the server and a session was created, and then forwarded internally to the servlets on server side...

So, session remains new till the time the response is not sent back to the client.

Reference : https://coderanch.com/t/360464/Servlets/java/Kindly-clarify-HttpSession-isNew

So, taking an assumption that session has been created by the following statement, if isNew returns true, is not always correct.

HttpSession session = request.getSession(false);


Thanks everybody

request.getSession(false) will not create new session.

During the first request to the server, first request not containing any SESSION ID Cookie/ URL rewritten is processed by servlet.
In the process, when request.getSession(true)/getSession() is invoked, new session is created and SESSIONID will be added to cookie in the response.

Then, request forwarding is done to other servlet, when request.getSession(false) will return NULL since this forwarded first request does not contain SESSIONID/URL Rewritten.

This is the general concept. I have got it in Apache Tomcat. Dont know about WebLogic.

Session Management Logic may differ from container to container.