Win a copy of The Little Book of Impediments (e-book only) this week in the Agile and Other Processes forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

Session Doubt

 
Ankit Mishra
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
If i am making two servlets say for logging into the application and logging out of the application. Now if I create a session in my logging servlet and then again in logging out I say HttpSession session = request.getSession(); and then somewhere there i invalidate the session.

Now i have two questions

1. Does the above means Iam creating two sessions for a client?
2. When i invalidate the session in logging out Servlet does that mean that iam invalidating the session of Logging Servlet for the client or Client is out of the session as a whole?
 
Sebastian Janisch
Ranch Hand
Posts: 1183
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I am not 100% certain on what I say now so there is no guarantee ;)

If you invalidate a session, the server gets rid of the information associated to that session ID (attributes etc.).
If the client sends that ID again, the server won't be able to make anything of it, hence a call to request.getSession() should provide the client with a fresh session id .
 
Ankit Mishra
Ranch Hand
Posts: 40
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi, Sebastian thanks for your reply.

On invalidating the session I will get rid of session true. But I joined session in login servlet and then again I am doing this in my logging out servlet and there in Iam invalidating the session. So I am actually confused with that whether I am joining two different session before invalidating the session itself and there after if I invalidate the session which session I am invalidating.
 
priya rishi
Ranch Hand
Posts: 119
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
if you want to make sure to have one session per client ,

you can set false , in your 2nd servlet and so on.
HttpSession session = request.getSession(false);


you can also manipulate session with its methods like getId() , isNew() and others , so that you know whether the sessions are different or not.


 
Krishna Srinivasan
Ranch Hand
Posts: 1876
Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

Normally the session will be same for that client. even if you are using the getSession it will retrun the same session. If you close the windown then the session will be expired or you can explicitly invalidate the session.
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic