Yogesh, as per the API documentation, if the isNew() method returns true it means that the client has not yet joined the session (e.g. if cookies are disabled). Therefore, it doesn't mean that the session has just been created.
In other words, the client was not providing the session identifier in requests (e.g. by blocking cookies). URL rewriting allows a session to be tracked even if cookies cannot be used, by adding a session identifier to URLs used by the client. So, by enabling URL rewriting you have enabled session tracking. I hope this makes it easier for you to understand.
but i am sure that cookies were nt disabled in our browser.
i understand that enabling the url rewriting made session id move to and fro between requests, but as far as i remember cookies were enabled in my browser settings.
Second thing, i read the documentation, it says that request.getSession(false) will return a session if it exists, otherwise it will return a null. so i think i do not agree fully to what you said above that it will not return null even if a session does not already exists.
can you please post the documentation here so that others can also be benefitted.
Yogesh, I have absolutely no idea what makes you think that I said that that request.getSession(false) will not return null even if a session does not already exist. Where did I say that??
You are confusing two completely different methods. The boolean isNew() method and the HttpSession getSession(boolean create) methods are two different methods in two different interfaces.
As quoted from the API documentation, the isNew() method in the HttpSession interface:
Returns: true if the server has created a session, but the client has not yet joined
And the getSession(boolean create) method in the HttpServletRequest interface:
Returns: the HttpSession associated with this request or null if create is false and the request has no valid session
The session.isNew() will return true even if the session is not created from request.getSession(false);
if the response has never been sent to the client.
I mean this is the first request that came to the server and a session was created, and then forwarded internally to the servlets on server side...
So, session remains new till the time the response is not sent back to the client.
request.getSession(false) will not create new session.
During the first request to the server, first request not containing any SESSION ID Cookie/ URL rewritten is processed by servlet.
In the process, when request.getSession(true)/getSession() is invoked, new session is created and SESSIONID will be added to cookie in the response.
Then, request forwarding is done to other servlet, when request.getSession(false) will return NULL since this forwarded first request does not contain SESSIONID/URL Rewritten.
This is the general concept. I have got it in Apache Tomcat. Dont know about WebLogic.
Session Management Logic may differ from container to container.
Post by:autobot
I brought this back from the farm where they grow the tiny ads:
a bit of art, as a gift, that will fit in a stocking
![[Logo]](/templates/default/mobile/images/mobile-moose.gif)
