JSP session tracking

 
James Clarke
Ranch Hand
Posts: 148
Hi all,

I am having problems with session tracking with JSPs.

I only create one session (request.getSession(true)) and have set
the session option to false at the start of the JSP page (i.e. session="false").
On subsequent JSP pages I simply retrieve the first created session (e.g.
request.getSession(false)) and have set the default session="false".

Hope all that makes sense.

Anyway, the behaviour of the sessions doesn't seem consistent, and I strongly suspect that
it's a browser problem rather than a program problem.

Has anyone encountered similar problems?

Thanks,

J.C
 
Stefan Evans
Bartender
Posts: 1837
>anyway the behaviour of the sessions doesn't seem consistent, and I
>strongly suspect that it's a browser problem rather than a program problem.

Can you be a bit more explicit about what problems you are encountering?
What makes you think sessions aren't working properly?
Are you opening multiple windows/sessions?

One thing to be aware of is that with IE, if you open a new window via File: New Window, or a JavaScript window.open, then it shares the same session as the parent window. If you open IE from the desktop shortcut, it has its own separate session.

I believe Firefox only has one session for all its windows/tabs.

What do you expect the session="false" in a jsp page to do? The session is still active, it just specifies that the page does not interact with it. It doesn't prevent you writing scriptlet code to access the session.

request.getSession() should always retrieve a session if one exists. The true/false argument just specifies whether to create one if one does not already exist.
 
James Clarke
Ranch Hand
Posts: 148
>Can you be a bit more explicit about what problems you are encountering?
>What makes you think sessions aren't working properly?
>Are you opening multiple windows/sessions?

The thing that makes me think sessions aren't working properly is as follows:

login.jsp ---> displays link to "another.jsp"
another.jsp has a page include of "commonfile.jsp"
commonfile.jsp has code: if request.getSession(false)==null then page forward to login.jsp

This works as it's meant to most of the time, i.e. logging in with the right details gives you a link to another.jsp and the link works fine.

But sometimes (actually way too often for a system that's meant to be secure) it just takes you back to the login.jsp if you click on the link to another.jsp.

Thanks,

J.C
 
Ben Souther
Sheriff
Posts: 13411
Your code is only testing for the existence of a session - not that it's the same session.

You're probably better off just letting the container manage the sessions for you and testing for the existence of your own object bound to session.

When the user logs in, instantiate an object ("userBean") and bind it to session. In all of your other pages retrieve the object from session and test for null.
[ August 31, 2005: Message edited by: Ben Souther ]
 
James Clarke
Ranch Hand
Posts: 148
> Your code is only testing for the existence of a session - not that it's the same session.

My understanding is that getSession(false) returns a session if a session has been created for this user. In addition, I have included "<%@ page session="false" %>" at the top of the JSP page.

So not only am I testing for the existence of a session, but for the existence of a session which was created previously when the user logged in.

Let me know if you don't agree though...
 
Ben Souther
Sheriff
Posts: 13411
It's quite possible that I am the one who doesn't fully understand how getSession(false) works because I've never been able to get that working that way (consistently) either.

You could debug the issue with a session listener that logs the new sessionID whenever a session is created. Then tail your logs while you click through your app.
Or...
You could use the solution that I mentioned earlier. I've had good luck with it and have seen several other people use it. If you do research the issue and find an answer, please post back with your findings.

-Ben
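
Added example, not part of the original thread: the two suggestions above (log session creation, and check for an object bound at login rather than for a session) written against the javax.servlet API. The class names and the ID-prefix logging are assumptions; "userBean" and login.jsp come from the posts, and both classes are assumed to be registered in web.xml.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

public class SessionChecks {

    /** Debug aid: logs each session the container creates or destroys. */
    public static class SessionLogger implements HttpSessionListener {
        // Log only a prefix: a full session ID in a log file is a usable credential.
        private static String shortId(HttpSession s) {
            String id = s.getId();
            return id.substring(0, Math.min(8, id.length())) + "...";
        }
        public void sessionCreated(HttpSessionEvent e) {
            e.getSession().getServletContext().log("session created: " + shortId(e.getSession()));
        }
        public void sessionDestroyed(HttpSessionEvent e) {
            e.getSession().getServletContext().log("session destroyed: " + shortId(e.getSession()));
        }
    }

    /** Lets a request through only if its session carries the object bound at login. */
    public static class LoginFilter implements Filter {
        public void init(FilterConfig cfg) {}
        public void destroy() {}

        public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
                throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest) rq;
            HttpServletResponse res = (HttpServletResponse) rs;

            // getSession(false) never creates a session, but a non-null result only
            // proves that some session exists: any JSP without session="false"
            // creates one implicitly, logged in or not.
            HttpSession session = req.getSession(false);
            Object user = (session == null) ? null : session.getAttribute("userBean");

            // Assumption: login.jsp both shows and processes the login form.
            boolean isLoginPage = "/login.jsp".equals(req.getServletPath());
            if (user == null && !isLoginPage) {
                res.sendRedirect(req.getContextPath() + "/login.jsp");
                return;
            }
            chain.doFilter(rq, rs);
        }
    }
}
```

The login code is expected to call session.setAttribute("userBean", ...) only after the credentials have been verified; on newer containers the same interfaces live under jakarta.servlet.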
 
Ben Souther
Sheriff
Posts: 13411
Out of curiosity:
Do you have any include pages that don't have the session="false" directive?
 