Granny's Programming Pearls
"inside of every large program is a small program struggling to get out"
JavaRanch.com/granny.jsp
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

how to create a new session in jsf  RSS feed

 
saivenkat venkatesan
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have my Logon.java file which extends the PageCodeBase.java

In PageCodeBase i have the following line to create a sessionScope map

sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);

i hopw it is creating a new session also.

Security reason i want to invalidate the existing session after user login, so i am invalidating the existing session like this.

HttpServletRequest req = (HttpServletRequest)facesContext.getExternalContext().getRequest();
req.getSession().invalidate();

again i want to create a new session,so i am putting the following line again to create a new sessionScope


sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);


but it is failing to create a new session,i don't know my approach is correct or not can someone please give some idea .
[ September 14, 2006: Message edited by: Bear Bibeault ]
 
Dave Salter
Ranch Hand
Posts: 293
Java Mac OS X Netbeans IDE
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Is the problem that your browser is caching pages rather than the session not being invalidated.

I have seen issues where invalidating the session doesn't appear to do so (but actually has) but the browser still allows users to view secured pages because they are cached.
 
Chris Schalk
author
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
After doing:
HttpServletRequest req = (HttpServletRequest)facesContext.getExternalContext().getRequest();
req.getSession().invalidate();

You don't have to manually create a new session.. just simply navigating to another page will do this automatically.

You can do this by programatically using the Faces navigationhandler:

FacesContext ctx = FacesContext.getCurrentInstance();
Application app = ctx.getApplication();
app.getNavigationHandler().handleNavigation(ctx, "/welcome.jsp", "welcome");


Or by just doing an HttpsendRedirect:

response.sendRedirect("../index.jsp");
return null;
 
saivenkat venkatesan
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks Chris,

Actually after i invalidated my session, i am using sessionScope map to store some user information in the same Logon.java file. but since i invalidated the session i couldn't use the sessionScope map. so i want to create a new sessionScope map again after invalidating. if i create it as below it is not creating new sessionScope.

sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);

Please suggest me,
 
Adeel Ansari
Ranch Hand
Posts: 2874
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by saivenkat venkatesan:
In PageCodeBase i have the following line to create a sessionScope map

sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);

i hope it is creating a new session also.


Nope.


Security reason i want to invalidate the existing session after user login, so i am invalidating the existing session like this.

HttpServletRequest req = (HttpServletRequest)facesContext.getExternalContext().getRequest();
req.getSession().invalidate();


Sounds irrational to me.


again i want to create a new session,so i am putting the following line again to create a new sessionScope


sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);


but it is failing to create a new session,i don't know my approach is correct or not can someone please give some idea .


After you invalidated the session, new session object would be created on the next request. You just need to create the map and bind that map to the session. Thats it.
 
saivenkat venkatesan
Greenhorn
Posts: 14
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
i want to create a new session in the same request. after user name and password validation done, i want to store some user info into the sessionScope map in the same request.

since we invalidated the existing session,i couldn't you use the sessionScope map. i want to create a new session and needs to bind with sessionScope.

can you suggest me.
 
Chris Schalk
author
Ranch Hand
Posts: 62
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
from your first msg:

",i don't know my approach is correct or not "

It is not. Or at least I haven't seen that approach being used. Typically when you invalidate a session, you are done.. fini.. you create a new one by having the browser start a fresh request.
Maybe you shouldn't be invalidating your session if you want to preserve portions of it.

Or, maybe someone has done this, but I have seen this done before.

-Chris
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!