• Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

May be Authors of HF can help me on this!

 
Bahadar Khan
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

I am not sure, what I am doing wrong here but using the following code, when ever I make a new request from a new browser window from the same machine it starts a new session. But if I repeatedly make requests from one window it doesn't starts new but keeps on adding info in the old session object as per logic. I am using Tomcat 5. Please see below the code of servlet and jsp that calls it. And I would appreciate if somebody could tell me why its happening. As per my understanding requests made from same machine, no matter from different browser windows ( browser is IE 6.0 )should be pointing to the same Session object.

This is the pattern of request: http://localhost:8080/Session

----------------------------
SERVLET CODE
----------------------------


package sessionpkg;

import javax.servlet.*;
import javax.servlet.http.*;
import java.io.*;
import java.net.*;

public class Sessions extends HttpServlet{


String str="";

public void doPost(HttpServletRequest req, HttpServletResponse res) throws java.io.IOException, ServletException{


String str1=req.getParameter("snail");

HttpSession session=req.getSession();

String str=(String)session.getAttribute("track");

if(str==null)str="";

str=str+str1;

session.setAttribute("track",str);


RequestDispatcher rd=req.getRequestDispatcher("/index.jsp");
rd.forward(req,res);


}


}

-----------------------------
Calling JSP CODE ( index.jsp)
-----------------------------

<%=(String)request.getSession().getAttribute("track")%>


<HTML>

<form method=POST action="sessions">


Input a character <input type="text" name="snail">
<input type="SUBMIT">


</form>

</HTML>
 
Kathy Sierra
Cowgirl and Author
Rancher
Posts: 1589
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Howdy!
There is no guarantee (depending on your browser) whether opening a new browser window will start a new session OR be treated as being from the same session.

It's just not specified, so it really depends on the circumstances of the client.

So, what does this mean? It means that in *your* specific example, session attributes are going to be protected from concurrency problems, but on a different system, that might not be the case.

The point is that you can ever be CERTAIN that a particular client won't be able to have multiple browser windows *tricking* the Container into seeing them as coming from a single session, so you must be very careful about protecting your session attributes. In other words, you cannot assume that your session attributes will be thread safe. In your specific example, they *are*, because you can only make one request at a time from a single browser window.

I have no idea which browsers/systems show the *bad* behavior (multiple windows appearing to be from the same session), but it is better to be safe. What happens is that some developers see the behavior that you are getting and assume that session attributes are safe... but it isn't guaranteed and sooner or later, it could be a Big Problem.

cheers,
Kathy
 
Mikalai Zaikin
Ranch Hand
Posts: 3371
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
<DISCLAIMER>
I am not a HF S & JSP author, but try to help
</DISCLAIMER>

Hello Bahadar,

It looks like it works as it should work.
When you open second instance of browser (from Start>All Programs menu) - it does not have cookies for
session from first browser, and new session is created when you test HTML form with second browser.

But you still can open two (or more) browser instances participating in the same session:

add following code to your JSP:



, then hold "Shift" key pressed and click mouse on the link (or use
context menu and select "Open in new window"). You will get another
browser sharing session with first browser.
Submit form from first browser, then submit form from second browser,
I believe the resulting page from second browser will contain result from first browser submission.

regards,
MZ

The described actions above refer to MSIE and Windows platform.
 
Kathy Sierra
Cowgirl and Author
Rancher
Posts: 1589
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Mikalai Zaikin:
[QB]<DISCLAIMER>
I am not a HF S & JSP author, but try to help
</DISCLAIMER>

Actually, you've given us so much help Mikalai (email reports, etc.) that we've made you an "honorary HF author"

Thanks for the help!

And one more thing on this issue--just remember that for the purposes of the exam, Session attributes are not thread-safe because the behavior of the browser with respect to whether multiple browser instances reflect the same (or different) sessions is NOT guaranteed!

And since it *could* happen... well, you know what you need to do.

cheers,
Kathy
 
Bahadar Khan
Ranch Hand
Posts: 81
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks to both of you for your help.

Well, Mikalai, the trick of spawning a new page within the sessionalized page worked. And I can see correct behavior of session object.

Though this is true for practice but I am surprised why would the browsers show such wiered bahvior. And I want to share one more intresting thing with both of you. While I was grappling with this issue, I tried amazon.com and in two separate windows I put some stuff in shopping cart. So two different windows, one site and in the first go each page had one item, but on subsequent hit to either of the shopping cart the merchandise would merge into one cart. This was an added source of anxiety for me, as I blamed my code entirely responsible for this wiered bahavior. But I guess they are exclusively setting cookies somehow which gives a normal bahavior.

But again Many Thanks to both Mikalai and Kathy for their guidance and you fellas have releived my from this hit and trial.


cheers!
 
Mikalai Zaikin
Ranch Hand
Posts: 3371
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Bahadar Khan:
Thanks to both of you for your help.
Well, Mikalai, the trick of spawning a new page within the sessionalized page worked. And I can see correct behavior of session object.


Glag my advise helped you !


Originally posted by Kathy Sierra :

Actually, you've given us so much help Mikalai (email reports, etc.) that we've made you an "honorary HF author"


Very proud to be "honorary HF author"

And I have a question : did you receive my email about errata on HF S & JSP ? It may be some typo on the web-page...

Cheers,
MZ, the "honorary HF author"
 
Rajan Chinna
Ranch Hand
Posts: 320
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
A basic question

when i use
HttpSession session=req.getSession();
does it use cookies? If cookies not enabled what happens in this case?

Thanks
 
Mikalai Zaikin
Ranch Hand
Posts: 3371
12
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
1) It depends on server configuration, it may use cookies or URL-rewriting mechanism.

2) If cookies are disabled and URL-rewriting too - then server creates every time new session, which is lost after response sent back
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic