1.User logs into an application and the servlet involved puts some data in HttpSession.
2.User logs out and again logs in using same browser window.
3.A call to HttpSession session = request.getSession(true); will return old session or new session if old session is not timed out yet?
Post by:Paul Sturrock
If the user has logged out the session should have been invalidated (it doesn't need to time out in this instance), so you should get a new session.
Post by:Uli Hofstoetter
, Ranch Hand
Depends on what is meant by "user logs out".
Is session.invalidate() called? Then a session will be created, as the old one was destroyed.
If you mean the user surfed to another page and then returns, the old session should still be alive and valid and should be reused (depending on how session tracking is done .. cookies or url rewriting, ...)
Post by:ajse ruku
, Ranch Hand
Thanks for your replies.
session.invalidate(); was not called when user logged out.
So i think old session will be used if he logs in again with the same browser.
Also if he uses another browser to log in again then it will be a new session?
Post by:Ankit Garg
well if you have not called invalidate, then the old session will be used normally (i.e. if cookies are enabled or if disabled, all the URLs are encoded with session id)
ajse roy wrote:Also if he uses another browser to log in again then it will be a new session?
well if the user uses the same browser's new windows i.e. for example he/she uses two windows of IE 7, then I think the same session will be used as the cookies will be common. But for different browsers i.e. for example one window of IE and one of Fire Fox, then different sessions will be used...
Post by:Rajat Raina
Yes if the session is not invalidated then the same session id is used if you send a request from the same window but if you login from a new window a new seesion id is created thus creating a new session.
It will give me the powers of the gods. Not bad for a tiny ad:
Thread Boost - a very different sort of advertising