Forums Register Login

how to create a new session in jsf

+Pie Number of slices to send: Send
I have my Logon.java file which extends the PageCodeBase.java

In PageCodeBase i have the following line to create a sessionScope map

sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);

i hopw it is creating a new session also.

Security reason i want to invalidate the existing session after user login, so i am invalidating the existing session like this.

HttpServletRequest req = (HttpServletRequest)facesContext.getExternalContext().getRequest();
req.getSession().invalidate();

again i want to create a new session,so i am putting the following line again to create a new sessionScope


sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);


but it is failing to create a new session,i don't know my approach is correct or not can someone please give some idea .
[ September 14, 2006: Message edited by: Bear Bibeault ]
+Pie Number of slices to send: Send
Is the problem that your browser is caching pages rather than the session not being invalidated.

I have seen issues where invalidating the session doesn't appear to do so (but actually has) but the browser still allows users to view secured pages because they are cached.
+Pie Number of slices to send: Send
After doing:
HttpServletRequest req = (HttpServletRequest)facesContext.getExternalContext().getRequest();
req.getSession().invalidate();

You don't have to manually create a new session.. just simply navigating to another page will do this automatically.

You can do this by programatically using the Faces navigationhandler:

FacesContext ctx = FacesContext.getCurrentInstance();
Application app = ctx.getApplication();
app.getNavigationHandler().handleNavigation(ctx, "/welcome.jsp", "welcome");


Or by just doing an HttpsendRedirect:

response.sendRedirect("../index.jsp");
return null;
+Pie Number of slices to send: Send
Thanks Chris,

Actually after i invalidated my session, i am using sessionScope map to store some user information in the same Logon.java file. but since i invalidated the session i couldn't use the sessionScope map. so i want to create a new sessionScope map again after invalidating. if i create it as below it is not creating new sessionScope.

sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);

Please suggest me,
+Pie Number of slices to send: Send
 

Originally posted by saivenkat venkatesan:
In PageCodeBase i have the following line to create a sessionScope map

sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);

i hope it is creating a new session also.



Nope.


Security reason i want to invalidate the existing session after user login, so i am invalidating the existing session like this.

HttpServletRequest req = (HttpServletRequest)facesContext.getExternalContext().getRequest();
req.getSession().invalidate();



Sounds irrational to me.


again i want to create a new session,so i am putting the following line again to create a new sessionScope


sessionScope = (Map) facesContext.getApplication().createValueBinding("#{sessionScope}").getValue(facesContext);


but it is failing to create a new session,i don't know my approach is correct or not can someone please give some idea .



After you invalidated the session, new session object would be created on the next request. You just need to create the map and bind that map to the session. Thats it.
+Pie Number of slices to send: Send
i want to create a new session in the same request. after user name and password validation done, i want to store some user info into the sessionScope map in the same request.

since we invalidated the existing session,i couldn't you use the sessionScope map. i want to create a new session and needs to bind with sessionScope.

can you suggest me.
+Pie Number of slices to send: Send
from your first msg:

",i don't know my approach is correct or not "

It is not. Or at least I haven't seen that approach being used. Typically when you invalidate a session, you are done.. fini.. you create a new one by having the browser start a fresh request.
Maybe you shouldn't be invalidating your session if you want to preserve portions of it.

Or, maybe someone has done this, but I have seen this done before.

-Chris
Watchya got in that poodle gun? Anything for me? Or this tiny ad?
a bit of art, as a gift, the permaculture playing cards
https://gardener-gift.com


reply
reply
This thread has been viewed 21147 times.
Similar Threads
JSF hurts my head...
ManagedBeanCreation, JSF, and ClassLoading
JSF... My post-JavaOne impressions.
How to inject a backing bean without using faces-config file ?
how to invalidate existing session and create new session in jsf?
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 28, 2024 13:33:32.