Re: Session Invalidate Exception
Thanks for your detailed explanation. Orion is really a great server the
only really missing thing is a document.
- Original Message -
From: elephantwalker [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 9:15 PM
Subject: RE: Session Invalidate Exception
Kesav,
In order to release memory, we need to make sure that we use enterprise
objects which are pooled by orion. As far as I know, these include
stateless session beans, entity beans and stateful session beans. Each of
these are recovered by the appserver as they fall out of context. Servlets
and jsp's are also pooled by the appserver. However, the servlet context
may
include objects which stay in memory...but not real memory. These object
should be serialized as the servlet time's out, or looses its session.
One of the ideas behind application servers in general, and j2ee
specifically is that we register our objects with the appserver, and the
appserver should handle recovery of any objects (and therefore, memory) as
necessary.
If orion needs the memory, it will recover the objects which aren't being
used, because they are part of a pool of objects.
Don't worry so much about the memory stuff, because those guys in Sweden
are
taking care of this for us.
Regards,
the elephantwalker
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar
Sent: Saturday, May 12, 2001 4:58 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception
By invalidating session we generally think that all the memory will be
released but if invalidate doesn't actually release memore and make the
session object null then we need to have our own measures for releasing
the
memory. My concern is more for the memore rathar than the program error
handling.
- Original Message -
From: Noah Nordrum [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: Re: Session Invalidate Exception
So have the page where the user enters their credentials wax their
session,
then the validation of the credentials page will create a new session.
why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few
exceptions).
Noah
- Original Message -
From: Jeff Schnitzer [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: RE: Session Invalidate Exception
I don't think that excludes the desired behavior, which is that you
should be able to invalidate a session and then create a new one.
It appears that session invalidate() is setting a flag in the session
object causing it to be cleaned up sometime later. Since the only way
to logout a user is to call invalidate(), this causes some headaches.
Ideally I would like my login submit page to a) discard existing
credentials and b) try new credentials. This way if a user was
already
logged in, the net result of a new login attempt will be the
unauthenticated state. Unfortunately I can't call
getSession().invalidate();
session = getSession();
because what I get is the old session, which is going to disappear at
the end of the method, the call to RoleManager.login()
notwithstanding.
Furthermore, a failed call to RoleManager.login() does *not* discard
existing credentials. The only way to accomplish the original goal is
to put the invalidate() on every page with a login form.
Ok, this isn't super critical, but it's annoying nevertheless.
Jeff
-Original Message-
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 7:09 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception
Session Invalidate ExceptionServlet Spec
==
7.2 Creating a Session
Because HTTP is a request-response based protocol, a session
is considered
to be new until a client joins it. A client joins a session
when session
tracking information has been successfully returned to the
server indicating
that a session has been established. Until the client joins a
session, it
cannot be assumed that the next request from the client will
be recognized
as part of the session.
The session is considered to be new if either of the
following is true:
. The client does not yet know about the session
. The client chooses not to join a session. This implies that
the servlet
container has no mechanism by which to associate
RE: Session Invalidate Exception
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
So have the page where the user enters their credentials wax
their session,
then the validation of the credentials page will create a new session.
That was the solution I mentioned. It is undesirable for three reasons
I can think of; one, it requires a fix in the multiple locations where
there is a login page; two, not every page with login credentials should
cause this behavior (such as a hypothetical log in as someone else
page); three, it requires access to the session in the view.
The last one is the biggest problem, IMHO, because it violates the MVC
paradigm. Views shouldn't have code.
why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few
exceptions).
I hadn't thought of that. I heard mention on this list some time ago
that Orion stores its security credentials in the user session. The
only problem is, I don't think there is any guarantee that J2EE app
servers store credentials in the session. That code isn't necessarily
going to work everywhere.
Of course, the RoleManager code isn't portable either, so it doesn't
really matter :-)
Thanks,
Jeff
RE: Session Invalidate Exception
I don't think that excludes the desired behavior, which is that you should be able to invalidate a session and then create a new one. It appears that session invalidate() is setting a flag in the session object causing it to be cleaned up sometime later. Since the only way to logout a user is to call invalidate(), this causes some headaches. Ideally I would like my login submit page to a) discard existing credentials and b) try new credentials. This way if a user was already logged in, the net result of a new login attempt will be the unauthenticated state. Unfortunately I can't call getSession().invalidate(); session = getSession(); because what I get is the old session, which is going to disappear at the end of the method, the call to RoleManager.login() notwithstanding. Furthermore, a failed call to RoleManager.login() does *not* discard existing credentials. The only way to accomplish the original goal is to put the invalidate() on every page with a login form. Ok, this isn't super critical, but it's annoying nevertheless. Jeff -Original Message- From: Noah Nordrum [mailto:[EMAIL PROTECTED]] Sent: Friday, May 11, 2001 7:09 PM To: Orion-Interest Subject: Re: Session Invalidate Exception Session Invalidate ExceptionServlet Spec == 7.2 Creating a Session Because HTTP is a request-response based protocol, a session is considered to be new until a client joins it. A client joins a session when session tracking information has been successfully returned to the server indicating that a session has been established. Until the client joins a session, it cannot be assumed that the next request from the client will be recognized as part of the session. The session is considered to be new if either of the following is true: . The client does not yet know about the session . The client chooses not to join a session. This implies that the servlet container has no mechanism by which to associate a request with a previous request. A Servlet Developer must design their application to handle a situation where a client has not, can not, or will not join a session. == That last line is what specifically applies to your situation, only backwards. In this case you are invalidating the HttpSession, but the client doesn't yet know about the pending invalidation, hense the IllegalStateException. Noah - Original Message - From: Kesav Kumar To: Orion-Interest Sent: Friday, May 11, 2001 7:23 PM Subject: RE: Session Invalidate Exception If there is no valid session getSession(false) should return null is in't it? Kesav Kumar Software Engineer Voquette, Inc. 650 356 3740 mailto:[EMAIL PROTECTED] http://www.voquette.com Voquette...Delivering Sound Information -Original Message- From: Jason Coward [mailto:[EMAIL PROTECTED]] Sent: Friday, May 11, 2001 2:55 PM To: Orion-Interest Subject: RE: Session Invalidate Exception Kesav: I believe that when you call request.getSession(false), it will not create a new session if a valid one does not already exist. If you want to create a new one, right after invalidation of a previous session, call request.getSession() or request.getSession(true). Obviously, you will need to reset your attribute after the new session is created. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar Sent: Friday, May 11, 2001 4:17 PM To: Orion-Interest Subject: Session Invalidate Exception When we call invalidate() method on the session what happens? I was doing the following and I am getting a strange error. This is just a testcondition I am giving to reproduce my error. The reality is much complex. session.setAttribute(kesav, I am nice); session.invalidate(); HttpSession sess = request.getSession(false); if(sess == null) System.out.println(Session is null); Object obj = sess.getAttribute(kesav); After the invalidate I was thinking that I won't get session object thats the reason I had a condition for null. What happening is I am getting a session object and when I try to access any attribute I am getting java.lang.IllegalStateException: Session was invalidated at com.evermind[Orion/1.4.8 (build 10374)].server.http.EvermindHttpSession.getAttribute(Unknown Source) at /Test.jsp._jspService(/Test.jsp.java:30) (JSP page line 7) at com.orionserver[Orion/1.4.8 (build 10374)].http.OrionHttpJspPage.service(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._aj._nxd(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)].server.http.JSPServlet.service(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._iib._vfd(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374
Re: Session Invalidate Exception
So have the page where the user enters their credentials wax their session,
then the validation of the credentials page will create a new session.
why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few exceptions).
Noah
- Original Message -
From: Jeff Schnitzer [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: RE: Session Invalidate Exception
I don't think that excludes the desired behavior, which is that you
should be able to invalidate a session and then create a new one.
It appears that session invalidate() is setting a flag in the session
object causing it to be cleaned up sometime later. Since the only way
to logout a user is to call invalidate(), this causes some headaches.
Ideally I would like my login submit page to a) discard existing
credentials and b) try new credentials. This way if a user was already
logged in, the net result of a new login attempt will be the
unauthenticated state. Unfortunately I can't call
getSession().invalidate();
session = getSession();
because what I get is the old session, which is going to disappear at
the end of the method, the call to RoleManager.login() notwithstanding.
Furthermore, a failed call to RoleManager.login() does *not* discard
existing credentials. The only way to accomplish the original goal is
to put the invalidate() on every page with a login form.
Ok, this isn't super critical, but it's annoying nevertheless.
Jeff
-Original Message-
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 7:09 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception
Session Invalidate ExceptionServlet Spec
==
7.2 Creating a Session
Because HTTP is a request-response based protocol, a session
is considered
to be new until a client joins it. A client joins a session
when session
tracking information has been successfully returned to the
server indicating
that a session has been established. Until the client joins a
session, it
cannot be assumed that the next request from the client will
be recognized
as part of the session.
The session is considered to be new if either of the
following is true:
. The client does not yet know about the session
. The client chooses not to join a session. This implies that
the servlet
container has no mechanism by which to associate a request
with a previous
request.
A Servlet Developer must design their application to handle a
situation
where a client has not, can not, or will not join a session.
==
That last line is what specifically applies to your situation, only
backwards. In this case you are invalidating the HttpSession,
but the client
doesn't yet know about the pending invalidation, hense the
IllegalStateException.
Noah
- Original Message -
From: Kesav Kumar
To: Orion-Interest
Sent: Friday, May 11, 2001 7:23 PM
Subject: RE: Session Invalidate Exception
If there is no valid session getSession(false) should return
null is in't
it?
Kesav Kumar
Software Engineer
Voquette, Inc.
650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com
Voquette...Delivering Sound Information
-Original Message-
From: Jason Coward [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 2:55 PM
To: Orion-Interest
Subject: RE: Session Invalidate Exception
Kesav:
I believe that when you call request.getSession(false), it
will not create a
new session if a valid one does not already exist. If you
want to create a
new one, right after invalidation of a previous session, call
request.getSession() or request.getSession(true). Obviously,
you will need
to reset your attribute after the new session is created.
Jason
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar
Sent: Friday, May 11, 2001 4:17 PM
To: Orion-Interest
Subject: Session Invalidate Exception
When we call invalidate() method on the session what happens?
I was doing the following and I am getting a strange error.
This is just a
testcondition I am giving to reproduce my error. The reality is much
complex.
session.setAttribute(kesav, I am nice);
session.invalidate();
HttpSession sess = request.getSession(false);
if(sess == null)
System.out.println(Session is null);
Object obj = sess.getAttribute(kesav);
After the invalidate I
Re: Session Invalidate Exception
By invalidating session we generally think that all the memory will be
released but if invalidate doesn't actually release memore and make the
session object null then we need to have our own measures for releasing the
memory. My concern is more for the memore rathar than the program error
handling.
- Original Message -
From: Noah Nordrum [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: Re: Session Invalidate Exception
So have the page where the user enters their credentials wax their
session,
then the validation of the credentials page will create a new session.
why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few exceptions).
Noah
- Original Message -
From: Jeff Schnitzer [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: RE: Session Invalidate Exception
I don't think that excludes the desired behavior, which is that you
should be able to invalidate a session and then create a new one.
It appears that session invalidate() is setting a flag in the session
object causing it to be cleaned up sometime later. Since the only way
to logout a user is to call invalidate(), this causes some headaches.
Ideally I would like my login submit page to a) discard existing
credentials and b) try new credentials. This way if a user was already
logged in, the net result of a new login attempt will be the
unauthenticated state. Unfortunately I can't call
getSession().invalidate();
session = getSession();
because what I get is the old session, which is going to disappear at
the end of the method, the call to RoleManager.login() notwithstanding.
Furthermore, a failed call to RoleManager.login() does *not* discard
existing credentials. The only way to accomplish the original goal is
to put the invalidate() on every page with a login form.
Ok, this isn't super critical, but it's annoying nevertheless.
Jeff
-Original Message-
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 7:09 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception
Session Invalidate ExceptionServlet Spec
==
7.2 Creating a Session
Because HTTP is a request-response based protocol, a session
is considered
to be new until a client joins it. A client joins a session
when session
tracking information has been successfully returned to the
server indicating
that a session has been established. Until the client joins a
session, it
cannot be assumed that the next request from the client will
be recognized
as part of the session.
The session is considered to be new if either of the
following is true:
. The client does not yet know about the session
. The client chooses not to join a session. This implies that
the servlet
container has no mechanism by which to associate a request
with a previous
request.
A Servlet Developer must design their application to handle a
situation
where a client has not, can not, or will not join a session.
==
That last line is what specifically applies to your situation, only
backwards. In this case you are invalidating the HttpSession,
but the client
doesn't yet know about the pending invalidation, hense the
IllegalStateException.
Noah
- Original Message -
From: Kesav Kumar
To: Orion-Interest
Sent: Friday, May 11, 2001 7:23 PM
Subject: RE: Session Invalidate Exception
If there is no valid session getSession(false) should return
null is in't
it?
Kesav Kumar
Software Engineer
Voquette, Inc.
650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com
Voquette...Delivering Sound Information
-Original Message-
From: Jason Coward [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 2:55 PM
To: Orion-Interest
Subject: RE: Session Invalidate Exception
Kesav:
I believe that when you call request.getSession(false), it
will not create a
new session if a valid one does not already exist. If you
want to create a
new one, right after invalidation of a previous session, call
request.getSession() or request.getSession(true). Obviously,
you will need
to reset your attribute after the new session is created.
Jason
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar
Sent
RE: Session Invalidate Exception
Kesav,
In order to release memory, we need to make sure that we use enterprise
objects which are pooled by orion. As far as I know, these include
stateless session beans, entity beans and stateful session beans. Each of
these are recovered by the appserver as they fall out of context. Servlets
and jsp's are also pooled by the appserver. However, the servlet context may
include objects which stay in memory...but not real memory. These object
should be serialized as the servlet time's out, or looses its session.
One of the ideas behind application servers in general, and j2ee
specifically is that we register our objects with the appserver, and the
appserver should handle recovery of any objects (and therefore, memory) as
necessary.
If orion needs the memory, it will recover the objects which aren't being
used, because they are part of a pool of objects.
Don't worry so much about the memory stuff, because those guys in Sweden are
taking care of this for us.
Regards,
the elephantwalker
-Original Message-
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar
Sent: Saturday, May 12, 2001 4:58 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception
By invalidating session we generally think that all the memory will be
released but if invalidate doesn't actually release memore and make the
session object null then we need to have our own measures for releasing the
memory. My concern is more for the memore rathar than the program error
handling.
- Original Message -
From: Noah Nordrum [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: Re: Session Invalidate Exception
So have the page where the user enters their credentials wax their
session,
then the validation of the credentials page will create a new session.
why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few exceptions).
Noah
- Original Message -
From: Jeff Schnitzer [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: RE: Session Invalidate Exception
I don't think that excludes the desired behavior, which is that you
should be able to invalidate a session and then create a new one.
It appears that session invalidate() is setting a flag in the session
object causing it to be cleaned up sometime later. Since the only way
to logout a user is to call invalidate(), this causes some headaches.
Ideally I would like my login submit page to a) discard existing
credentials and b) try new credentials. This way if a user was already
logged in, the net result of a new login attempt will be the
unauthenticated state. Unfortunately I can't call
getSession().invalidate();
session = getSession();
because what I get is the old session, which is going to disappear at
the end of the method, the call to RoleManager.login() notwithstanding.
Furthermore, a failed call to RoleManager.login() does *not* discard
existing credentials. The only way to accomplish the original goal is
to put the invalidate() on every page with a login form.
Ok, this isn't super critical, but it's annoying nevertheless.
Jeff
-Original Message-
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 7:09 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception
Session Invalidate ExceptionServlet Spec
==
7.2 Creating a Session
Because HTTP is a request-response based protocol, a session
is considered
to be new until a client joins it. A client joins a session
when session
tracking information has been successfully returned to the
server indicating
that a session has been established. Until the client joins a
session, it
cannot be assumed that the next request from the client will
be recognized
as part of the session.
The session is considered to be new if either of the
following is true:
. The client does not yet know about the session
. The client chooses not to join a session. This implies that
the servlet
container has no mechanism by which to associate a request
with a previous
request.
A Servlet Developer must design their application to handle a
situation
where a client has not, can not, or will not join a session.
==
That last line is what specifically applies to your situation, only
backwards. In this case you are invalidating the HttpSession,
but the client
doesn't yet know about
RE: Session Invalidate Exception
Title: Session Invalidate Exception
Kesav:
I believe that
when you call request.getSession(false), it will not create a new session if a
valid one does not already exist. If you want to create a new one, right
after invalidation of a previous session, call request.getSession() or
request.getSession(true). Obviously, you will need to reset your attribute
after the new session is created.
Jason
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kesav
KumarSent: Friday, May 11, 2001 4:17 PMTo:
Orion-InterestSubject: Session Invalidate
Exception
When we call invalidate() method on the session what
happens?
I was doing the following and I am getting a strange
error. This is just a testcondition I am giving to reproduce my
error. The reality is much complex.
session.setAttribute("kesav", "I am nice");
session.invalidate();
HttpSession sess =
request.getSession(false);
if(sess ==
null)
System.out.println("Session is null");
Object obj =
sess.getAttribute("kesav");
After the invalidate I was thinking that I won't get session
object thats the reason I had a condition for null. What happening is I
am getting a session object and when I try to access any attribute I am
getting
java.lang.IllegalStateException: Session was
invalidated at com.evermind[Orion/1.4.8 (build
10374)].server.http.EvermindHttpSession.getAttribute(Unknown Source)
at
/Test.jsp._jspService(/Test.jsp.java:30) (JSP page line 7)
at
com.orionserver[Orion/1.4.8 (build
10374)].http.OrionHttpJspPage.service(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._aj._nxd(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)].server.http.JSPServlet.service(Unknown
Source) at
com.evermind[Orion/1.4.8 (build 10374)]._iib._vfd(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._iib._qjc(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._kj._qbc(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._kj._oa(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._jw.run(Unknown Source)
Any ideas why is it happening?
Kesav Kumar Software Engineer
Voquette, Inc. 650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com Voquette...Delivering Sound Information
RE: Session Invalidate Exception
Title: Session Invalidate Exception
If
there is no valid session getSession(false) should return null is in't
it?
Kesav Kumar Software Engineer Voquette, Inc. 650 356 3740 mailto:[EMAIL PROTECTED]
http://www.voquette.com Voquette...Delivering Sound Information
-Original Message-From: Jason Coward
[mailto:[EMAIL PROTECTED]]Sent: Friday, May 11, 2001
2:55 PMTo: Orion-InterestSubject: RE: Session Invalidate
Exception
Kesav:
I believe that
when you call request.getSession(false), it will not create a new session if a
valid one does not already exist. If you want to create a new one, right
after invalidation of a previous session, call request.getSession() or
request.getSession(true). Obviously, you will need to reset your
attribute after the new session is created.
Jason
-Original Message-From:
[EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Kesav
KumarSent: Friday, May 11, 2001 4:17 PMTo:
Orion-InterestSubject: Session Invalidate
Exception
When we call invalidate() method on the session what
happens?
I was doing the following and I am getting a strange
error. This is just a testcondition I am giving to reproduce my
error. The reality is much complex.
session.setAttribute("kesav", "I am nice");
session.invalidate();
HttpSession sess
= request.getSession(false);
if(sess ==
null)
System.out.println("Session is null");
Object obj =
sess.getAttribute("kesav");
After the invalidate I was thinking that I won't get session
object thats the reason I had a condition for null. What happening is
I am getting a session object and when I try to access any attribute I am
getting
java.lang.IllegalStateException: Session was
invalidated at com.evermind[Orion/1.4.8 (build
10374)].server.http.EvermindHttpSession.getAttribute(Unknown Source)
at
/Test.jsp._jspService(/Test.jsp.java:30) (JSP page line 7)
at
com.orionserver[Orion/1.4.8 (build
10374)].http.OrionHttpJspPage.service(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._aj._nxd(Unknown Source)
at
com.evermind[Orion/1.4.8 (build
10374)].server.http.JSPServlet.service(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._iib._vfd(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._iib._qjc(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._kj._qbc(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._kj._oa(Unknown Source)
at
com.evermind[Orion/1.4.8 (build 10374)]._jw.run(Unknown Source)
Any ideas why is it happening?
Kesav Kumar Software Engineer
Voquette, Inc. 650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com Voquette...Delivering Sound Information
Re: Session Invalidate Exception
Session Invalidate ExceptionServlet Spec == 7.2 Creating a Session Because HTTP is a request-response based protocol, a session is considered to be new until a client joins it. A client joins a session when session tracking information has been successfully returned to the server indicating that a session has been established. Until the client joins a session, it cannot be assumed that the next request from the client will be recognized as part of the session. The session is considered to be new if either of the following is true: . The client does not yet know about the session . The client chooses not to join a session. This implies that the servlet container has no mechanism by which to associate a request with a previous request. A Servlet Developer must design their application to handle a situation where a client has not, can not, or will not join a session. == That last line is what specifically applies to your situation, only backwards. In this case you are invalidating the HttpSession, but the client doesn't yet know about the pending invalidation, hense the IllegalStateException. Noah - Original Message - From: Kesav Kumar To: Orion-Interest Sent: Friday, May 11, 2001 7:23 PM Subject: RE: Session Invalidate Exception If there is no valid session getSession(false) should return null is in't it? Kesav Kumar Software Engineer Voquette, Inc. 650 356 3740 mailto:[EMAIL PROTECTED] http://www.voquette.com Voquette...Delivering Sound Information -Original Message- From: Jason Coward [mailto:[EMAIL PROTECTED]] Sent: Friday, May 11, 2001 2:55 PM To: Orion-Interest Subject: RE: Session Invalidate Exception Kesav: I believe that when you call request.getSession(false), it will not create a new session if a valid one does not already exist. If you want to create a new one, right after invalidation of a previous session, call request.getSession() or request.getSession(true). Obviously, you will need to reset your attribute after the new session is created. Jason -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar Sent: Friday, May 11, 2001 4:17 PM To: Orion-Interest Subject: Session Invalidate Exception When we call invalidate() method on the session what happens? I was doing the following and I am getting a strange error. This is just a testcondition I am giving to reproduce my error. The reality is much complex. session.setAttribute(kesav, I am nice); session.invalidate(); HttpSession sess = request.getSession(false); if(sess == null) System.out.println(Session is null); Object obj = sess.getAttribute(kesav); After the invalidate I was thinking that I won't get session object thats the reason I had a condition for null. What happening is I am getting a session object and when I try to access any attribute I am getting java.lang.IllegalStateException: Session was invalidated at com.evermind[Orion/1.4.8 (build 10374)].server.http.EvermindHttpSession.getAttribute(Unknown Source) at /Test.jsp._jspService(/Test.jsp.java:30) (JSP page line 7) at com.orionserver[Orion/1.4.8 (build 10374)].http.OrionHttpJspPage.service(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._aj._nxd(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)].server.http.JSPServlet.service(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._iib._vfd(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._iib._qjc(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._kj._qbc(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._kj._oa(Unknown Source) at com.evermind[Orion/1.4.8 (build 10374)]._jw.run(Unknown Source) Any ideas why is it happening? Kesav Kumar Software Engineer Voquette, Inc. 650 356 3740 mailto:[EMAIL PROTECTED] http://www.voquette.com Voquette...Delivering Sound Information _ Do You Yahoo!? Get your free @yahoo.com address at http://mail.yahoo.com
