If I call request.getSession(false), the javadocs says of the getSession() method:
"Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session. If create is false and the request has no valid HttpSession, this method returns null."
But this is not the behavior I'm seeing in my Logon Action... I am in fact NOT getting null back, I am getting a valid session (which no attributesn though). This is in line with what you said, but it seems the javadocs is wrong, and this means that you can never reliably check if a session is null by simply doing session==null, you instead must check if some attribute is present or not to indicate if it's a live session (which is what I was doing previously, I was trying to not do it because it seemed inelegant) because it seems that when a session is invalidated or times out or of course is newly created, the attribute won't be present.
Am I missing something, or is the javadocs in fact incorrect here?
Frank
From: "Shapira, Yoav" <[EMAIL PROTECTED]> Reply-To: "Tomcat Users List" <[EMAIL PROTECTED]> To: "Tomcat Users List" <[EMAIL PROTECTED]> Subject: RE: Vexing session creation issue Date: Wed, 16 Jun 2004 10:47:07 -0400
Hi, The behavior you're seeing is consistent with the servlet specification. If a client chooses not to join a session (which the page session="false" directive indicates), the container may still create sessions for the client, just that it will be a new session each time, with a new ID and empty attributes. This is in the Servlet Spec but summarized nicely in the 2nd to last paragraph of the HttpSession class JavaDoc.
Yoav Shapira Millennium Research Informatics
>-----Original Message----- >From: Frank Zammetti [mailto:[EMAIL PROTECTED] >Sent: Wednesday, June 16, 2004 10:36 AM >To: [EMAIL PROTECTED] >Subject: Vexing session creation issue > >I sent this to the Struts mailing list as well, but it seems like it could >be a Tomcat issue as well (probably just some config option I don't know >about)... > >Argh, this one is hurting my head... > >I have an application that starts out by returning index.jsp (it's the >welcome file). This JSP opens a new window via JavaScript and loads into >it >index1.jsp. index1.jsp populates five frames of a frameset. At the end of >all this, my logon screen is seen. > >The important thing to note here is that no Actions are executed to this >point, it's just loading JSP's, and there is not really any JSP code in any >of these except for a bunch of request.getContextPath() calls. No code >accesses session or anything like that, and there are only two references >to >getting anything out of request (because the logon page might be shown >after >a bad attempt, and I need to get the userID and password that was >attempted). In all of them, I have session="false" in the page tag. > >Now... I've created a SessionListener to tell me when a session is created >or destroyed. Problem is, during all these JSP loads, the create event >fires TWICE! What's worse, session is NOT null (which I expected it to >be), >and worse still, I'm getting two DIFFERENT session ID's! It looks like two >sessions are being created when it seems like absolutely NONE should be. > >I'm banging my head against the wall with this one. Anyone have any ideas? >Thanks folks! > >Frank > >_________________________________________________________________ >MSN 9 Dial-up Internet Access fights spam and pop-ups - now 3 months FREE! >http://join.msn.click-url.com/go/onm00200361ave/direct/01/ > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED]
This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you.
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
_________________________________________________________________
Watch the online reality show Mixed Messages with a friend and enter to win a trip to NY http://www.msnmessenger-download.click-url.com/go/onm00200497ave/direct/01/
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
