This week's book giveaway is in the Jython/Python forum.
We're giving away four copies of Murach's Python Programming and have Michael Urban and Joel Murach on-line!
See this thread for details.
Win a copy of Murach's Python Programming this week in the Jython/Python forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic

Does session.invalidate() kill the HttpSession ?  RSS feed

 
ben oliver
Ranch Hand
Posts: 375
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Does session.invalidate() kill the HttpSession ?
 
Chetan Raju
Ranch Hand
Posts: 109
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I suppose it does.

According to J2EE doc
Invalidates this session then unbinds any objects bound to it.
 
Bear Bibeault
Author and ninkuma
Marshal
Posts: 65826
134
IntelliJ IDE Java jQuery Mac Mac OS X
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It invalidates the session. What else would you mean by "kill"?
 
David O'Meara
Rancher
Posts: 13459
Android Eclipse IDE Ubuntu
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
It makes the session invalid, but:

* this does not mean the session will be cleaned immediately - it may get cleaned later by a lower priority thread
* it doesn't mean the user gets logged out - authentication details may be storred separately
* it doesn't mean they won't just be handed another session - the next request may give them a new one, and it may even have the same session ID

Dave
 
William Brogden
Author and all-around good cowpoke
Rancher
Posts: 13078
6
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
this does not mean the session will be cleaned immediately - it may get cleaned later by a lower priority thread


Whoa! where did that come from? My interpretation of the API and the Javadocs is that ALL bound references will be removed and any listeners notified before the call to invalidate returns. What happens to the previously bound objects is a completely different story.

The session object is then marked as invalid, any further attempt to use it in the servlet will throw an IllegalStateException.

What happens to the session object itself is up to the designer of the servlet engine - it might be discarded or recycled.
Bill
[ August 04, 2006: Message edited by: William Brogden ]
 
Alex Serna
Ranch Hand
Posts: 58
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
David O'Meara wrote:It makes the session invalid, but:

* this does not mean the session will be cleaned immediately - it may get cleaned later by a lower priority thread
* it doesn't mean the user gets logged out - authentication details may be storred separately
* it doesn't mean they won't just be handed another session - the next request may give them a new one, and it may even have the same session ID

Dave


Is it also possible that the session object gets reused and even though after invalidating the session and it's attached attributes being gone I can be getting the same creation time and the same session ID?
 
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!