Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

sendRedirect() and HttpSession

 
Fisher Daniel
Ranch Hand
Posts: 582
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Dear all,
Is it true that if we use sendRedirect() method, the web container will create new session for that new request?
thanks
daniel
 
ZheMin Lin
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Fisher.
whether a new session will be created or not is determined by the resource to which the request is redirected. say "dest.html", that it won't.
 
Arvind Chavar
Ranch Hand
Posts: 53
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If redirect is to a resource within same web-application then same session is maintained.
I guess if resource reolves to an URL outside of the webcontainer doing redirect, then it sholud start a new session.
In the former case, may be you will be better of using forward or include method of RequestDispatcher rather than sendRedirect(), as you would avoid extra Http interaction with the server.
-Arvind
 
Fisher Daniel
Ranch Hand
Posts: 582
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am still confuse about it.
Actually i have question from Eduardo Cobian's SCWCD Mock Exam..
You are calling the method HttpServletResponse.sendRedirect(String path) and you want to make sure that the user continues in the same session. How do you that?
1) By calling the method with an absolute path as the argument
2) By enconding the path with HttpServletResponse.endcodeURL method
3) By enconding the path with HttpServletResponse.endcodeRedirectURL method
4) If you use sendRedirect the session is lost.

And the answer is 3....
So i think if we dont use that .. the container will create new session for the same client...
Help me to solve this....
thanks
daniel
 
Jessica Sant
Sheriff
Posts: 4313
Android IntelliJ IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if you do NOT use response.endcodeRedirectURL() and the client does NOT have cookies enabled -- then the app server won't have a way to track the client's session and on the next page, they'll get a new Session.
if you do NOT use response.encodeRedirectURL() and the client DOES have cookies enabled -- then everything will be hunky-dory and you'll maintain the client's session.
So... the only way to guarantee that EVERY client will maintain their session after a redirect is to use the .encodeRedirectURL() -- same goes for all normal URLs too -- you should use .encodeURL(), just to be safe.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic