Setting and removing session attributes - is this the right way to do this?

I have a web application with a 'request' form. When a user fills out the form and submits it, if it fails validation (either front-end javascript validation or back-end servlet validation), I'd like to keep the values they already entered so they don't have to re-type the data in. I set session attributes in my servlet to retain these values.

However, once a user successfully submits a form, if they bring up a new one, I don't want it to have the values from the last time they submitted a form - it should be a blank form, but since I'm using session attributes (session.setAttribute("foo", bar);) these values are being retained.

What is the best way to work around this?

Should I could set a field on the form to some value if validation fails, then have the servlet check that field. If it determines validation failed, I would retain the session attributes, but if not (meaning it's a new form) I would remove the session attributes? Or should I be doing something in the jsp itself?

Or should I be going about this another way? Are session attributes the way to do it? Originally I was using request attributes, but to work around issues I was having with double submissions and with URLs showing the servlet names, I decided to go with session attributes and response.sendRedirect, rather than request attributes and requestDisplatcher.forward.

I'm guessing this must come up often and was hoping to get some suggestions on how to best deal with it. I'm very new to java and servlets and this type of web development and would like to do this right, but I'm struggling.

Thanks for any info.

If you validate with javascript you can cancel the submit, which won't erase the values of the fields.

OK. But the same questions apply when the user submits successfully and I display their data for them on a confirmation page. I set the session attributes in order to display them on my confirmation.jsp. Now, the user creates a new request and those values pull into the fields since they are still in the session.

I tried removing them after I did the response.SendRedirect, but then they were removed for the confirmation page as well (and I 'think' I understand why). But I can't remove them on page load since I'm not running my java servlet at that point. Should I try to remove them javascript on page load? (is that possible?)

onload would be a poor place to do this. And difficult.... stow that idea.

Since they are only relevant when something goes awry, remove them after a successful operation.

There is more to the application - it's not only relevant when there is a problem. Part of the application also allows the user to type in a request # and the servlet puts the data retrieved from the database into session attributes to display on the page. Is there a way to write the page, putting all the session attributes in place, and then clear the attributes so they are not there for the next request?

Answering you based on the assumption that when the user enters value in page1.jsp and submits it to Servlet A which add the values to session and validates, if validation failed page1.jsp is called with the values from session, if validation succeeds page2.jsp (confimation page) is called and loaded with the values from session and then the session values are cleared. So the session values are removed when the page2.jsp is rendered.

I am pretty sure this works, as I have used the same logic in my application.

I had tried the following - a redirect to my page via:

response.sendRedirect(request.getContextPath() + "/" + pageToReturn);

then clearing my session attributes via:
session.removeAttribute("reqDesc");

However, when my page loaded, all the field values were empty as if the attributes were being cleared prior to the page load. I wasn't able to clear the session attributes without affecting the current page.

Is this something that 'should' work? Is it possible to do the redirect, then remove the attributes without affecting the page that is loading? I would think that doing the redirect first, then removing the attributes should do the trick, but I wasn't able to get it to work that way.

You need to remove the attributes from the session in the pageToReturn page after populating the values.

If you remove session attribs after send redirect, then obviously your confirmation page will be empty.