• Post Reply Bookmark Topic Watch Topic
  • New Topic

session validation problem in servlet/jsp  RSS feed

 
Arun Boraiah
Ranch Hand
Posts: 233
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
The code given below was written with the intention of validating the user session. If user session is new then directing him to login again. That also meant that if this jsp/servlet containing this code is called directly then user should be taken to login page first. But for my surpise this never happened. I checked the session object. And found it was creating new session when this jsp/servlet is called due to which the 'if' block never excuited.
Please help me to understand what is wrong in this code.
Code is as follows
HttpSession ses=request.getSession(false);
if(ses==null){
//code to take the user to login page
}
Regards
arun
 
Tony Alicea
Desperado
Sheriff
Posts: 3226
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Though we all know that a JSP is compiled into a Servlet, there are differences in the execution.
When a servlet is called there may not be an HttpSession object created before.
In a JSP, there IS a session object created before the page is executed. That's why session is one of the implicit objects that exist in a JSP.
Servlets don't have implicit objects like that; you have to create them at some time.
If a JSP forwards to a Servlet, a session object will be present.
[ January 18, 2002: Message edited by: Tony Alicea ]
 
Kyle Brown
author
Ranch Hand
Posts: 3892
5
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
One thing to add to Tony's excellent explanation of your problem. You can turn off the automatic creation of a session in a JSP. Just make sure to insert the following tag at the top of your JSP file.
< %@ page session = "false" % >
Kyle
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!