This week's book giveaway is in the Cloud/Virtualization forum.
We're giving away four copies of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds and have James Denton on-line!
See this thread for details.
Win a copy of Learning OpenStack Networking: Build a solid foundation in virtual networking technologies for OpenStack-based clouds this week in the Cloud/Virtualization forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Liutauras Vilda
  • Campbell Ritchie
  • Tim Cooke
  • Bear Bibeault
  • Devaka Cooray
Sheriffs:
  • Jeanne Boyarsky
  • Knute Snortum
  • Junilu Lacar
Saloon Keepers:
  • Tim Moores
  • Ganesh Patekar
  • Stephan van Hulst
  • Pete Letkeman
  • Carey Brown
Bartenders:
  • Tim Holloway
  • Ron McLeod
  • Vijitha Kumara

HttpSession in JSP  RSS feed

 
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi all, this is my first post.
Something i'm not understanding. I have two JSP pages, index.jsp that submits to servlet A and result.jsp that gets the (request, response) through RequestDispatcher from servlet A. In servlet A, i get a session from HttpSession and set its attribute with a user name parameter i get from index.jsp.

When i test above application with Internet Explorer cookies disabled by writing this simple line of code <%= session.getAttribute("username")%> in the result.jsp, the result.jsp page shows me the input from the index page? how so? shouldn't the output from the result.jsp page be null because cookies were disabled and i didn't use URL rewriting!!

Thanks.
 
Greenhorn
Posts: 3
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I believe your code is not even dependent on the browser settings.
Unless you create a cookie object and write something to it and add it to the response object, you do not have to worry about whether cookies are enabled or disabled....seniors please correct me if I am missing some concept here..
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

sood rahul wrote:I believe your code is not even dependent on the browser settings.
Unless you create a cookie object and write something to it and add it to the response object, you do not have to worry about whether cookies are enabled or disabled....seniors please correct me if I am missing some concept here..



Hi,
I was experimenting with this yesterday and instead of forwarding the (request, response) to the JSP, I used the PrintWriter inside my servlet and the result.jsp showed null when i disabled cookies !? does it have to do with the container *tomcat*?
 
Greenhorn
Posts: 4
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi fadi, first question - Are you using cookies for handling session ?
 
Ranch Hand
Posts: 384
Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
hi there,

just by using setAttirbute() you cannot say that you are working with cookies ...

when you work with cookies ... (they are used to maintain a session with the client) you need to explicitly add a cookie to the response stream

and yes you can access the attributes set using the setAttribute() on any other web app element (in this case your jsp) because they have nothing do with the client (in your scenario)
 
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Hi,

I think using the cookie in your web application have nothing to do with using HttpSession for user session tracking.

HttpSession internally uses Cookie mechanism for implementation, so if you have disabled the cookie in browser then you have to use URL Rewriting. Except this i think there is no way we can use HttpSession in our application...

Ranchers please correct me i am wrong!

Thanks,

Rahul
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi Ashish Arp,
I mentioned in my origianl post that i had IE cookies disabled. Thanks.

Hi Lalit Mehra,
Request.getSession() does all the cookie work for us, it puts jsessionid in the response header so client can send it back to server next time it makes the request. If cookies were disabled then we have to use URL rewriting.

Hi Rahul Nair,
you're right on the money.

On a different forum, someone suggested the following:
When you start an application inbuilt session is created which will expire in 30 min(default) or you need to explicitly invalidate the session.

Thanks all, i won't feel good until i get a solid answer.
 
Ranch Hand
Posts: 44
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
@Fadi,
It looks like an issue with Internet Explorer. I tried with Mozilla Firefox & it works just fine; telling me that the session is new for each request when I disable the cookies.
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

Nilesh Miskin wrote:@Fadi,
It looks like an issue with Internet Explorer. I tried with Mozilla Firefox & it works just fine; telling me that the session is new for each request when I disable the cookies.



Hi Nilesh,
Have you tried getting the value from the session.getAttribute("something") in a jsp page? even with cookies disabled and no URL rewriting you'll get the value you assigned in your servlet.

Thanks.
I will try Firefox tonight after work.
 
Rahul Nair
Ranch Hand
Posts: 138
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

fadi aboona wrote:

On a different forum, someone suggested the following:
When you start an application inbuilt session is created which will expire in 30 min(default) or you need to explicitly invalidate the session.

Thanks all, i won't feel good until i get a solid answer.



Yes... we can also mention the time out duration in either web.xml config file OR problematically by calling setMaxInactiveInterval method.
 
fadi aboona
Ranch Hand
Posts: 71
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
for those who are follwoing this and looking forward for an answer, i got this from another forum.

"Tolls"
You forward to the JSP, but you still haven't left the server. It's no different (frankly) to a method call. It doesn't go to the client so cookies and URL rewriting is irrelevant.
 
Lalit Mehra
Ranch Hand
Posts: 384
Java Spring
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

fadi aboona wrote:for those who are follwoing this and looking forward for an answer, i got this from another forum.

"Tolls"
You forward to the JSP, but you still haven't left the server. It's no different (frankly) to a method call. It doesn't go to the client so cookies and URL rewriting is irrelevant.



That is what i said ... when you don't leave the server ... there is no need create cookies ... as cookies are meant to establish session term connection with the client and not between the web app elements ...
 
Ranch Hand
Posts: 247
Chrome Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
What the RequestDispatcher does is Server-side redirection... That is redirection from one web page to other web page is being done without the attention of Browser Client.

So if "result.jsp" alone is hit directly, then you will get null value since a new request is made for "result.jsp" in which Session id is not included to identify the corresponding session in the server and

Username attribute does not exist in the new Session...

or If you use sendRedirect instead of ReqDispatch, then it wont work...
 
Ranch Hand
Posts: 754
Eclipse IDE Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
You do still at the same request.

Try doing this with 3 jps. Lets say, jsp1, jsp2 and jsp3.

Try, send something from jsp1 to jsp2. And then, try jsp2 from jsp3.

If you try to recover something from the session it will be a new session from 2 to 3. (Im saying this assuming your cookies are off).

[=
 
It is sorta covered in the JavaRanch Style Guide.
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
Boost this thread!