• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • paul wheaton
  • Liutauras Vilda
  • Ron McLeod
Sheriffs:
  • Jeanne Boyarsky
  • Devaka Cooray
  • Paul Clapham
Saloon Keepers:
  • Scott Selikoff
  • Tim Holloway
  • Piet Souris
  • Mikalai Zaikin
  • Frits Walraven
Bartenders:
  • Stephan van Hulst
  • Carey Brown

doubt in session management in jsp

 
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Hi All,

Actually I am drawing a parallelism between servlet session management and
jsp session management . In servlet we write HttpSession session = req.getSession(); and if we generate a response and the client accepts cookies
then the session id is passed on to the client and any subsequent request will
have that session id.Now, if we have to use that particular session
in some other servlet we write HttpSession session = req.getSession();
In servlet we have the option of keeping a request in the same session
or not If we don't write HttpSession session = req.getSession(); that means
we want from this point the request to be out of the session we are using.


Now, my question is:-
As, the session object is by default available in every jsp,I was thinking
if we need to invalidate session explicitly or write session="false" in page directive if we don't want subsequent requests to be considered under a single session .

Another question is in jsp we don't need to write HttpSession session = req.getSession();Any response generated by a jsp will pass the cookie hence the session id to client by default as session object is by default available.

am I right?

Thanks in advance
Dilip
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Originally posted by Dilip Mallik:

In servlet we have the option of keeping a request in the same session
or not If we don't write HttpSession session = req.getSession(); that means
we want from this point the request to be out of the session we are using.



This isn't exactly right.
Once you call getSession, the session object the first time the session is created. The session won't be discontinued if a subsequent request fails to call getSession. If getSession is never called, the container won't instanciate the session object.
In other words, there is no way to 'discontinue' using a session.

The closest thing you could do is call HttpSession.invalidate() which will end that session, causing a new one to be created if, in a subsequent request, getSession is called again.



Now, my question is:-
As, the session object is by default available in every jsp,I was thinking
if we need to invalidate session explicitly or write session="false" in page directive if we don't want subsequent requests to be considered under a single session .



JSPs are compiled into servlet code by your container when they're first hit. By default, the generated code contains a call to getSession unless
you add the session="false" directive to your JSP.

Adding session="false" to another JSP will not invalidate your session.
It will (just like with a servlet that never calls getSession) simply keep that JSP from causing the container to create a session.

If you want to invalidate a session, you would call session.invalidate().

Another question is in jsp we don't need to write HttpSession session = req.getSession();Any response generated by a jsp will pass the cookie hence the session id to client by default as session object is by default available.



Correct.
As mentioned earlier, the generated servlet code will, by default, contain a call to getSession in order to supply the JSP with implicit 'session' variable. That is, unless you add the session="false" directive.

Two things you might want to check out.
1.) The specs for both Servlets and JSP.
There are links to both in my signature.

2.) Your JSP's generated servlet code.
Depending on your container, you might need to alter the configuration in order to keep this around.
You don't with the Tomcat application server.
The generated servlet code will be under the tomcat/work/org/apache/jsp directory.
Try creating a small JSP, hitting it, and then viewing the generated servlet code. Then add the session="false" directive, hit it again, and compare the new servlet code to the old.
 
It's just a flesh wound! Or a tiny ad:
New web page for Paul's Rocket Mass Heaters movies
https://coderanch.com/t/785239/web-page-Paul-Rocket-Mass
reply
    Bookmark Topic Watch Topic
  • New Topic