• Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other Pie Elite all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Tim Cooke
  • Liutauras Vilda
  • Jeanne Boyarsky
  • paul wheaton
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Henry Wong
Saloon Keepers:
  • Tim Holloway
  • Stephan van Hulst
  • Carey Brown
  • Tim Moores
  • Mikalai Zaikin
Bartenders:
  • Frits Walraven

Who all can access HttpSession and/or its attributes ?

 
Ranch Hand
Posts: 37
Netbeans IDE Spring Fedora
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The ServletContext(with attributes) - everyone in the application has access.
The HttpSession(with attributes) - who has access ? Can someone clear my doubt ?
Thankyou very much in advance.
 
Bartender
Posts: 543
4
Netbeans IDE Redhat Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
The user whose jsessionid corresponds to the HttpSession object.
 
Chanakya Gupta
Ranch Hand
Posts: 37
Netbeans IDE Spring Fedora
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thankyou Dieter !
Upon trying an example, I feel all those Servlets/JSPs have access to 'a session'
who have access to the same request. Because, it is request.getSession();

But, there is a HttpSessionEvent.getSession() also. So those Servlets/JSPs/classes
implementing HttpSessionListener also have access to the same session.

To sum up, all those Servlets/JSPs/classes having same
1. HttpServletRequest
2. HttpSessionListener

Am I right ?
 
Greenhorn
Posts: 3
Android Tomcat Server Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
nice
 
Dieter Quickfend
Bartender
Posts: 543
4
Netbeans IDE Redhat Java
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Chanakya:


No, it's like this:

A request doesn't get you a session. The moment you need to put something in a session, and call the getSession() method on the request object, the container will create a session object for you. This object exists on the server. The container will also send a jsessionid in the response, which is stored in a cookie on the client (if you've got cookies enabled). Then, you will automatically send that jsessionid in the header with every request to the server, so that the container recognizes that you're the user that can speak to that particular session object. This is the container's way of maintaining state.

an HttpSessionListener just listens for certain lifecycle events in any session object, and performs a corresponding action. It has nothing to do with who has access to what.

An HttpSession object can span many requests, and many HttpSessionListeners can be registered for any and all HttpSessions.


Hope that clarifies it a little bit.
 
Chanakya Gupta
Ranch Hand
Posts: 37
Netbeans IDE Spring Fedora
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Thankyou Dieter !

So any Servlet/JSP/Class is free to have access
to the 'session' ! Got it, I suppose !
 
Ranch Hand
Posts: 81
Spring Java Ubuntu
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Yes Chanakya,

Any Servlet/JSP can get access to session provided they have access to request object.

Just to clear -
A session can be associated with multiple requests from same client. So be clear about concurrency issues while putting objects in session.

Sourabh
 
Chanakya Gupta
Ranch Hand
Posts: 37
Netbeans IDE Spring Fedora
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator
Summing up from Dieter and Sourabh,

- multiple requests --> same client --> same sessionid

- any part of the webapp can access this sessionid
(with access to request and event)

- and sessions are not thread-safe.

Thankyou sourabh. Its clearer
 
Sheriff
Posts: 13411
Firefox Browser VI Editor Redhat
  • Mark post as helpful
  • send pies
    Number of slices to send:
    Optional 'thank-you' note:
  • Quote
  • Report post to moderator

Chanakya Gupta wrote:Summing up from Dieter and Sourabh,

- any part of the webapp can access this sessionid
(with access to request and event)



The part in the parenthesis is important here.
A ServletContextListener, for example, would not be able to access a session.
Likewise the init method in a servlet has no way to access any session information because servlets can be configured to be loaded when the container starts up, before any actual requests have been made.

 
Could you hold this puppy for a sec? I need to adjust this tiny ad:
Gift giving made easy with the permaculture playing cards
https://coderanch.com/t/777758/Gift-giving-easy-permaculture-playing
reply
    Bookmark Topic Watch Topic
  • New Topic