Win a copy of 97 Things Every Java Programmer Should Know this week in the Java in General forum!
  • Post Reply Bookmark Topic Watch Topic
  • New Topic
programming forums Java Mobile Certification Databases Caching Books Engineering Micro Controllers OS Languages Paradigms IDEs Build Tools Frameworks Application Servers Open Source This Site Careers Other all forums
this forum made possible by our volunteer staff, including ...
Marshals:
  • Campbell Ritchie
  • Paul Clapham
  • Jeanne Boyarsky
  • Junilu Lacar
  • Henry Wong
Sheriffs:
  • Ron McLeod
  • Devaka Cooray
  • Tim Cooke
Saloon Keepers:
  • Tim Moores
  • Stephan van Hulst
  • Frits Walraven
  • Tim Holloway
  • Carey Brown
Bartenders:
  • Piet Souris
  • salvin francis
  • fred rosenberger

invalidate a session

 
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
Hi,

to invalidate a session, I know that I can use one of these options

1/ call invalidate on session objetc
2/setMaxInactiveInterval(0) on session object
3/in DD, <session-config><session-timeout>0</session-timeout></session-config>


so, when I call isNew() for the 3 options, I should get IllegalStateException

Why I only get IllegalStateException with the option 1/, why not the 2/ and 3/ ?

regards,

 
Ranch Hand
Posts: 924
1
Netbeans IDE Fedora Java
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
setMaxInactiveInterval(0) wont invalidate your session. i presume you are reading hfsj 2nd edition which as you know targets servlet 2.5 specifications. but now the situation has changed.

Earlier situation(with jee 5) - setMaxInactiveInterval(0) would invalidate the session immediately. setting it to negative will not ever invalidate the session between requests.

current situation : setting setMaxInactiveInterval(0) to both 0 or negative will NOT ever invalidate the session between requests.

so you wont get IllegalStateException with option 2. regarding option 3 i have no idea.

also you should keep checking the book errata as you read the book .here is the link for the same.

http://oreilly.com/catalog/errata.csp?isbn=9780596516680

Regards Gurpreet
 
A. Aka
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
So what I should respond, if I am taking SCWCD 5 ? it throws the Exception ?
why am I not getting the exception, is it because I am using Tomcat 7 ?
If I use tomcat 5 then, I should get the Exception ?





 
Creator of Enthuware JWS+ V6
Posts: 3341
303
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

So what I should respond, if I am taking SCWCD 5 ? it throws the Exception ?


Yes

why am I not getting the exception, is it because I am using Tomcat 7 ?
If I use tomcat 5 then, I should get the Exception ?


Yes, Tomcat 5 uses EE1.4 (Tomcat 6 EE5, Tomcat 7 EE6)

<session-config><session-timeout>0</session-timeout></session-config>


Same thing here, the Session never expires with 0, set-up the timeout to 1 and you will get an exception. Try setting up a HttpSessionListener, to see that your session is removed.

Regards,
Frits
 
A. Aka
Ranch Hand
Posts: 101
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator
I have another question :

the session will never expire if setMaxInactiveInterval has a negative value ?
the session should also never expire if in my tag session-timeout i have a negative value or zero ? right ?
there is no way to have IllegalStateException thrown with the tag session-timeout ?





 
Frits Walraven
Creator of Enthuware JWS+ V6
Posts: 3341
303
Android Eclipse IDE Chrome
  • Mark post as helpful
  • send pies
  • Quote
  • Report post to moderator

the session will never expire if setMaxInactiveInterval has a negative value ?
the session should also never expire if in my tag session-timeout i have a negative value or zero ? right ?


Correct

there is no way to have IllegalStateException thrown with the tag session-timeout ?


Actually there is. Just set your timeout to 1 (minute) and then do the following:
  • Setup a Servlet and inside the doGet() save an attribute in the Session and a reference to the Session object in the Servlet context:

  • Forward to a JSP where you add a link to another Servlet in you web-application
  • Wait for one minute until your Session is destroyed and click on the link to the other Servlet.
  • In the other Servlet get the reference to the Session-object, and try to print the attribute like this:


  • You will get a:

    java.lang.IllegalStateException: getAttribute: Session already invalidated


    Regards,
    Frits
     
    A. Aka
    Ranch Hand
    Posts: 101
    • Mark post as helpful
    • send pies
    • Quote
    • Report post to moderator
    thanks Frits, I really appreciate your help:)
     
    Amateurs built google. Professionals built the titanic. We can't find the guy that built this tiny ad:
    Devious Experiments for a Truly Passive Greenhouse!
    https://www.kickstarter.com/projects/paulwheaton/greenhouse-1
      Bookmark Topic Watch Topic
    • New Topic