Win a copy of Functional Reactive Programming this week in the Other Languages forum!
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic

HttpSession in JSP

 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all, this is my first post.
Something i'm not understanding. I have two JSP pages, index.jsp that submits to servlet A and result.jsp that gets the (request, response) through RequestDispatcher from servlet A. In servlet A, i get a session from HttpSession and set its attribute with a user name parameter i get from index.jsp.

When i test above application with Internet Explorer cookies disabled by writing this simple line of code <%= session.getAttribute("username")%> in the result.jsp, the result.jsp page shows me the input from the index page? how so? shouldn't the output from the result.jsp page be null because cookies were disabled and i didn't use URL rewriting!!

Thanks.
 
sood rahul
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I believe your code is not even dependent on the browser settings.
Unless you create a cookie object and write something to it and add it to the response object, you do not have to worry about whether cookies are enabled or disabled....seniors please correct me if I am missing some concept here..
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
sood rahul wrote:I believe your code is not even dependent on the browser settings.
Unless you create a cookie object and write something to it and add it to the response object, you do not have to worry about whether cookies are enabled or disabled....seniors please correct me if I am missing some concept here..


Hi,
I was experimenting with this yesterday and instead of forwarding the (request, response) to the JSP, I used the PrintWriter inside my servlet and the result.jsp showed null when i disabled cookies !? does it have to do with the container *tomcat*?
 
Ashish Arp
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi fadi, first question - Are you using cookies for handling session ?
 
Lalit Mehra
Ranch Hand
Posts: 384
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi there,

just by using setAttirbute() you cannot say that you are working with cookies ...

when you work with cookies ... (they are used to maintain a session with the client) you need to explicitly add a cookie to the response stream

and yes you can access the attributes set using the setAttribute() on any other web app element (in this case your jsp) because they have nothing do with the client (in your scenario)
 
Rahul Nair
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

I think using the cookie in your web application have nothing to do with using HttpSession for user session tracking.

HttpSession internally uses Cookie mechanism for implementation, so if you have disabled the cookie in browser then you have to use URL Rewriting. Except this i think there is no way we can use HttpSession in our application...

Ranchers please correct me i am wrong!

Thanks,

Rahul
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ashish Arp,
I mentioned in my origianl post that i had IE cookies disabled. Thanks.

Hi Lalit Mehra,
Request.getSession() does all the cookie work for us, it puts jsessionid in the response header so client can send it back to server next time it makes the request. If cookies were disabled then we have to use URL rewriting.

Hi Rahul Nair,
you're right on the money.

On a different forum, someone suggested the following:
When you start an application inbuilt session is created which will expire in 30 min(default) or you need to explicitly invalidate the session.

Thanks all, i won't feel good until i get a solid answer.
 
Nilesh Miskin
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Fadi,
It looks like an issue with Internet Explorer. I tried with Mozilla Firefox & it works just fine; telling me that the session is new for each request when I disable the cookies.
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Nilesh Miskin wrote:@Fadi,
It looks like an issue with Internet Explorer. I tried with Mozilla Firefox & it works just fine; telling me that the session is new for each request when I disable the cookies.


Hi Nilesh,
Have you tried getting the value from the session.getAttribute("something") in a jsp page? even with cookies disabled and no URL rewriting you'll get the value you assigned in your servlet.

Thanks.
I will try Firefox tonight after work.
 
Rahul Nair
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
fadi aboona wrote:

On a different forum, someone suggested the following:
When you start an application inbuilt session is created which will expire in 30 min(default) or you need to explicitly invalidate the session.

Thanks all, i won't feel good until i get a solid answer.


Yes... we can also mention the time out duration in either web.xml config file OR problematically by calling setMaxInactiveInterval method.
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
for those who are follwoing this and looking forward for an answer, i got this from another forum.

"Tolls"
You forward to the JSP, but you still haven't left the server. It's no different (frankly) to a method call. It doesn't go to the client so cookies and URL rewriting is irrelevant.
 
Lalit Mehra
Ranch Hand
Posts: 384
Eclipse IDE Firefox Browser Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
fadi aboona wrote:for those who are follwoing this and looking forward for an answer, i got this from another forum.

"Tolls"
You forward to the JSP, but you still haven't left the server. It's no different (frankly) to a method call. It doesn't go to the client so cookies and URL rewriting is irrelevant.


That is what i said ... when you don't leave the server ... there is no need create cookies ... as cookies are meant to establish session term connection with the client and not between the web app elements ...
 
Ram Narayan.M
Ranch Hand
Posts: 247
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What the RequestDispatcher does is Server-side redirection... That is redirection from one web page to other web page is being done without the attention of Browser Client.

So if "result.jsp" alone is hit directly, then you will get null value since a new request is made for "result.jsp" in which Session id is not included to identify the corresponding session in the server and

Username attribute does not exist in the new Session...

or If you use sendRedirect instead of ReqDispatch, then it wont work...
 
Hebert Coelho
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You do still at the same request.

Try doing this with 3 jps. Lets say, jsp1, jsp2 and jsp3.

Try, send something from jsp1 to jsp2. And then, try jsp2 from jsp3.

If you try to recover something from the session it will be a new session from 2 to 3. (Im saying this assuming your cookies are off).

[=
 
  • Post Reply
  • Bookmark Topic Watch Topic
  • New Topic