Forums Register Login

JSTL creates unwanted sessions

+Pie Number of slices to send: Send
JSTL uses session scope. For example, the fmt tags use session scope to store a variable named "javax.servlet.jsp.jstl.fmt.request.charset".
This bothers me - a lot. Sessions should be under the full control of the application programmer. They should not be created by low-level items such as JSTL tags.
Arguments in favor of this position :
- sessions put an extra load on the server
- when cookies are not available, URLs are rewritten, and become much longer. It is often desirable to keep URLs simple and short if at
all possible, since it makes them easier for people to copy/paste out of emails (for exmaple).
I am going to pains in the current app I am building to create sessions
only when necessary. However, it seems that JSTL is creating them "without
my consent" in the background (this is unconfirmed, however).
Has anyone a comment on this issue?
+Pie Number of slices to send: Send
If you are using JSP and Servlets you are going to have a session. The fact that JSTL tacks an attribute onto this session does not create any new sessions. It merely adds an entry in the map that the already existing session is maintaining to keep track of its attributes.
This is a cheap and simple operation.
And yes, it behooves one when writing a web app to be sure that session data does not get out of control, but that is clearly not the case here.
hth,
bear
+Pie Number of slices to send: Send
John, most of the default scoping used by the JSTL is page, not session. Are you explictly setting the scope attribute to session? If not, which actions are you talking about?
Sue
+Pie Number of slices to send: Send
I have seen the issue with the fmt tag. Here is an example.
<%--
Unwanted: Places bean named javax.servlet.jsp.jstl.fmt.request.charset in session scope
--%>
<%--
Copyright © <fmt:formatDate value="${now}" pattern="yyyy" /> - Hirondelle Systems
--%>
<%--
If this hard-coded style is used, the javax.servlet.jsp.jstl.fmt.request.charset
bean will not be placed in session scope
--%>
Copyright © 2004 - Hirondelle Systems
Log extracts:
WITH fmt tag, I get both session creation, and a bean placed in session scope:
Sep 30, 2003 5:00:49 PM hirondelle.webappskeleton.ui.AbstractRequestParser checkParamNamesAndValues
FINE: SESSION CreationDate: Tue Sep 30 17:00:25 EDT 2003
SESSION Object Name: javax.servlet.jsp.jstl.fmt.request.charset Value: "ISO-8859-1"
WITHOUT fmt tag, there is no bean in session scope, but session creation
is still taking place:
Sep 30, 2003 5:02:26 PM hirondelle.webappskeleton.ui.AbstractRequestParser checkParamNamesAndValues
FINE: SESSION CreationDate: Tue Sep 30 17:02:25 EDT 2003

Such sessions are not part of my program logic. I cannot see any other possible source for them except JSTL. If such is the case, I would submit that JSTL should *NOT* be behaving like this. No way Jos�.
+Pie Number of slices to send: Send
FYI:
From the JSTL spec, section 8.4:
"After an action has called ServletResponse.setLocale(), and sessions are
enabled, it must determine the character encoding associated with the response locale (by calling ServletResponse.getCharacterEncoding()) and store it in the scoped variable javax.servlet.jsp.jstl.fmt.request.charset in session scope."
+Pie Number of slices to send: Send
Surelly I can say that JSTL is in page scope by default too... Unless the developers intentionally set the attributes to be session scope
+Pie Number of slices to send: Send
Well, according to my last quote of the JSTL spec, your comment is glaringly and incontrovertibly false.
+Pie Number of slices to send: Send
 

Originally posted by John O'Hanley:
Well, according to my last quote of the JSTL spec, your comment is glaringly and incontrovertibly false.


John,
Are you able to retrieve javax.servlet.jsp.jstl.fmt.request.charset attribute value from session?
+Pie Number of slices to send: Send
Yes.
As shown in this log extract, the value is "ISO-8859-1", which is the default character encoding.
SESSION Object Name: javax.servlet.jsp.jstl.fmt.request.charset Value: "ISO-8859-1"
As well, I am using the Jakarta Taglibs implementation.
+Pie Number of slices to send: Send
This means that session is created even if do not want to. :roll:
+Pie Number of slices to send: Send
 

This attribute may be used by the <fmt:requestEncoding> action (see
Section 8.10) in a page invoked by a form included in the response to set the request
charset to the same as the response charset. This makes it possible for the container
to decode the form parameter values properly, since browsers typically encode form
field values using the response�s charset.

 
+Pie Number of slices to send: Send
 

Originally posted by Pradeep Bhat:
This means that session is created even if do not want to. :roll:


I guess so.... :roll:
+Pie Number of slices to send: Send
 

Originally posted by Ko Naing:

I guess so.... :roll:



Thatss bad.. any work arounds?
:roll:
+Pie Number of slices to send: Send
 

Originally posted by Pradeep Bhat:


Thatss bad.. any work arounds?
:roll:



Switch to ASP .NET
+Pie Number of slices to send: Send
 

Originally posted by Pradeep Bhat:


Thatss bad.. any work arounds?
:roll:


Switch to C# .Net, since syntax of C# is similar to that of Java...
+Pie Number of slices to send: Send
The answer:
JSPs always create a session, if one does not exist.
This default behavior is turned off using the page directive, as in
<%@ page session="false" %>
See:
http://www.javapractices.com/Topic191.cjp
Life just hasn't been the same since the volcano erupted and now the air is full of tiny ads.
a bit of art, as a gift, that will fit in a stocking
https://gardener-gift.com


reply
reply
This thread has been viewed 3450 times.
Similar Threads
Backing Bean Scope (Best Practices?)
destroy sessionContext from EJB?
can the scope be added to all JSTL tags?
Session Tracking using HttpSession
JSTL Help
More...

All times above are in ranch (not your local) time.
The current ranch time is
Mar 29, 2024 01:35:36.