Win a copy of Programmer's Guide to Java SE 8 Oracle Certified Associate (OCA) this week in the OCAJP forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

a question about sessions ...

 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi guys...
1o.) what does:
request.getSession(false)
do?
I don't understand the false attribute.
2o.) when do you use
response.encodeURL??
when the browser does not support cookies??
3o.) if the browser does not support cookies, can I still use request.getSession??
thanks..
 
Pat Wallwork
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,
1) getSession(false) is an overloaded method that gets an existing session only. If one isn't present then (false) specifies not to create a new session. getSession() or getSession(true) creates a new session if a current one does not exist.
2) You should use encodeURL and encodeRedirectURL for links to other pages that require the current session. If a user has cookies turned off and your links are not encoded the session will be lost.
3) Yes, if you are using encodeURL.
A brief explanation is if a user has cookies turned on then the sessionID is sent along with each request by the browser. If not, and your links are encoded the sessionID is appended to the URL like this:
foo.com/whatever.jsp;jsessionid=s2erhfu0c1
As long as you encodeURL all links the method automatically determines whether to append the sessionID or use cookies.
-Pat
[ August 25, 2002: Message edited by: Pat Wallwork ]
 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
thank you.. but:
I'm implementing my web application with sessions and I just noticed this 'problem' (when the user has disabled cookies). what should I do? is it as easy as adding all this encodeURL? or.. should I first check if the user has cookies enabled (how do I do that?). what is the procedure to follow?
thanks
 
Pat Wallwork
Ranch Hand
Posts: 72
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I sympathize with you
It sounds like your learning about them the same way I did. I finished a big app I'd been working on for awhile when someone told me that if they had cookies off they couldn't log-in. After some research I found out all about the encodeURL and had to add that to every link in the site that led to another page which required the current session.
Once you do that to your links you won't have to worry about it anymore. I'd bet this is probably a common mistake people make all the time. And don't anyone say different, it makes me feel better
-Pat
 
James Carman
Ranch Hand
Posts: 580
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Pat Wallwork:
I sympathize with you
It sounds like your learning about them the same way I did. I finished a big app I'd been working on for awhile when someone told me that if they had cookies off they couldn't log-in. After some research I found out all about the encodeURL and had to add that to every link in the site that led to another page which required the current session.
Once you do that to your links you won't have to worry about it anymore. I'd bet this is probably a common mistake people make all the time. And don't anyone say different, it makes me feel better
-Pat

You could use the Struts html tag library which handles all of this stuff for you in the "link" tag.
 
Andres Gonzalez
Ranch Hand
Posts: 1561
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Thanks guys.. So, let me get this straight.
if I have a bunch of links and they all deal with objects in the session I should do something like this:

right?
and if I'm working with:
response.sendRedirect();
I should change it with
response.encodeRedirectURL()
right?
what about if I'm using forward?
thanks
 
Anthony Villanueva
Ranch Hand
Posts: 1055
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Originally posted by Andres Gonzalez:
Hi guys...
1o.) what does:
request.getSession(false)
do?
I don't understand the false attribute.
2o.) when do you use
response.encodeURL??
when the browser does not support cookies??
3o.) if the browser does not support cookies, can I still use request.getSession??
thanks..

1. According to the docs:
public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session. If create is false and the request has no valid HttpSession, this method returns null.
2. You use encodeURL to maintain session tracking when the client browser does not accept cookies. It's a fallback mechanism in such a case. The web server recognizes the session because this method appends the jsessionid to the query string for you. According to the specs:
SRV.7.1.3 URL Rewriting
URL rewriting is the lowest common denominator of session tracking. When a client will not accept a cookie, URL rewriting may be used by the server as the basis for session tracking. URL rewriting involves adding data, a session id, to the URL
path that is interpreted by the container to associate the request with a session. The session id must be encoded as a path parameter in the URL string. The name of the parameter must be jsessionid. Here is an example of a URL
containing encoded path information:
http://www.myserver.com/catalog/index.html;jsessionid=1234
3. Yes, if you've implemented encodeURL
There's an example of using encodeURL here
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic