I am having problems with session tracking with JSPs.
I only create one session (request.getSession(true)) and have set the session option to false at the start of the jsp page(ie. session="false"). on subsequent jsp pages i simply retrieve the first created session (eg. request.getSession(false)) and have set the default session="false".
hope all that makes sense
anyway the behaviour of the sessions doesn't seem consistent, and I strongly suspect that its a browser problem rather than a program problem.
>anyway the behaviour of the sessions doesn't seem consistent, and I >strongly suspect that its a browser problem rather than a program problem.
Can you be a bit more explicit about what problems you are encountering? What makes you think sessions aren't working properly? Are you opening multiple windows/sessions?
I believe Firefox only has one session for all its windows/tabs.
What do you expect the session="false" in a jsp page to do? The session is still active, it just specifies that the page does not interact with it. It doesn't prevent you writing scriptlet code to access the session.
request.getSession() should always retrieve a session if one exists. The true/false argument just specifes whether to create one if one does not already exist.
posted 13 years ago
>Can you be a bit more explicit about what problems you are encountering? >What makes you think sessions aren't working properly? >Are you opening multiple windows/sessions?
the thing that makes me think sessions aren't working properly is as follows:
login.jsp ---> displays link to "another.jsp" another.jsp has a page include of "commonfile.jsp" commonfile.jsp has code: if request.getSession(false)==null then page forward to login.jps
this works as its meant to most of the times, ie. logining in with the right details gives you a link to another.jsp and the link works fine.
but sometimes (actually way too often for a system thats meant to be secure) it just takes u back to the login.jsp if you click on the link to another.jsp.
Your code is only testing for the existence of a session - not that it's the same session.
Your probably better off just letting the container manage the sessions for you and test for the existence of your own object bound to session.
When the user logs in, instanciate an object ("userBean") and bind it to session. In all of your other pages retrieve the object from session and test for null. [ August 31, 2005: Message edited by: Ben Souther ]
It's quite possible that I am the one who doesn't fully understand how getSession(false) works because I've never been able to get that working that way (consistently) either.
You could debug the issue with a session listener that logs the new sessionID whenever a session is created. Then tail your logs while you click through your app. Or... You could use the solution that I mentioned earlier. I've had good luck with it and have seen several other people use it. If you do research the issue and find an answer, please post back with your findings.