Here's my environment. Windows 7, Tomcat 8.x and Java 7.x
I'm writing an application, that has an entry point in the servlet, as opposed to a JSP. In this servlet I create a session, assign a variable to it, and then redirect the user to a JSP page. Here's the JAVA code:
HttpSession session = request.getSession();
logger.debug("Session Id: "+session.getId()+
"New Session? "+session.isNew()+
"Created: "+new java.util.Date(session.getCreationTime()));
session.setAttribute("implementation", sImplementation);
session.setAttribute("RequestId", sRequestId);
response.reset();
response.sendRedirect(request.getContextPath()+"/jsp/ProductSelection.jsp");
In the JSP page that I just redirected to I try to retrieve the session attribute that I just set in the Servlet and the value comes back as null, but only the first time that I use the JSP page. If I call it again by resubmitting the URL in the browser then everything works. :O :( Here's the relevant JSP code, the value of sImplementation is null the first time this JSP is hit.
<% System.out.println("Session Id: "+session.getId()+
"New Session? "+session.isNew()+
"Created: "+new java.util.Date(session.getCreationTime()));
String sImplementation = (String)session.getAttribute("implementation"); %>
Also if I make an entry point into my system to be a JSP page that does nothing but redirect the user to the Servlet everything works as expected. So the session created in the servlet is not valid until. Only when a JSP page is hit. :(
Lastly I tried using dispatcher.forward instead of response.sendRedirect and the session variable is there, however, the bootstrap framework that I'm using to render my pages do not render properly at all. :( I tried this in both Internet Exploder 11.x and Chromium 33.x
So my question is whether the behavior that I'm seeing is normal and expected or if there's something wrong here and there's a solution out there somewhere? :)
Thanks to all in advance, and let me know if anything is unclear or needs more code.
If im not wrong (I might), you should redirect to your jsp using
request.getRequestDispatcher("ProductSelection.jsp").forward(request, response);
This way it will be the same request and you will be able to get your session. By the way if you are creating sessions on your own you should disable the default session made by all jsp's
<%# page session=“false”%>
Make me know if it worked. :·)
Related
In my application I am using struts2 and hibernate. In one of my service classes I used struts2 session for set an attribute and got that attribute in my jsp like this.
here is the java class portion:
Map fileInformation = ActionContext.getContext().getSession();
fileInformation.put("checkFirstPart"," Hello ");
here is the jsp scriptlet:
<%
Map recordedData2=ActionContext.getContext().getSession();
String checkFirstPart = (String)recordedData2.get("checkFirstPart");
%>
<%
if (checkFirstPart != null)
out.println(checkFirstPart);
%>
the problem is by every time i run my project, session is not clear and shows all previous messages until I restart the application server.
I used this also but it was not useful:
fileInformation.clear;
please help.
put this code in your jsp page after getting the attribues:
recordedData2.clear();
I think this will solve your problem
In my servlet (after login) I set the session timeout interval as 30 seconds and also note the sessionID as say X
session.setMaxInactiveInterval(30);
The servlet then forwards to a JSP page (intermediate1) which has a link to the second intermediate page (intermediate2). I don't do anything on the page for around 30 seconds (timeout interval) and then forward to the second jsp page (intermediate 2). Here I print the sessionID and it is NOT X. It is another value. How did this happen? Does the container automatically assign a session object to a JSP page if no session already exists? Kindly help.
JSP spec (for JSP 2.1/JEE6 it is found in chapter "JSP.1.10.1 The page Directive") describes that the session implicit object is on by default, so that every call to a JSP will participate in an existing session/create a new session if needed. It can be turned off as:
<%# page session="false" %>
Because of jsp implicit-object, then see one of them is 'session'.
So, jsp's implicate object always be there.
In your case, already current session object went off, but jsp api make it newly available.
Here is an interesting link I found on the web that answers my own question. FYI.
http://www.xyzws.com/jspfaq/can-i-prevent-the-creation-of-a-session-in-a-jsp-page/20
I have a JSP page from which I'm calling another JSP page using response.sendRedirect(recordUrl2). I have some session variables from the first JSP page which get lost after the redirect. Is there anything that can be done in the web.xml configuration xml file to preserve the session variables?
I added the following in the xml, but the variables weren't maintained:
<session-descriptor>
<persistent-store-type>memory</persistent-store-type>
<sharing-enabled>true</sharing-enabled>
</session-descriptor>
I also tried response.encodeRedirectURL(recordUrl2) instead, but sessions variables weren't maintained.
Are you by any chance redirecting to a JSP hosted in a different JavaEE container or within a different WAR/deployment than the one doing the redirect? That's the only reason, short of you having code somewhere that clears the session, that the second JSP would not be able to access the session.
I am creating a web application in Java. I created some JSP pages each having some form fields. All are post method type so it hides all the form fields. In each page it will call servlet and forward to next JSP page(like a step by step process.)) Welcome page is index.jsp. In the last JSP page also I am having form field which is also post method type. When I press sumbit button, it will call servlet and should forwartd to home page(That is index.jsp).
Last page action value is finish. In my servlet, I am using RequestDispatcher and forwarding to index.jsp. The the URL will be
http://localhost:8080/myproject/finish.
As it is the home page, I wanted to hide that action value. So instead of RequestDispatcher I used
response.sendRedirect("index.jsp"); And then URL becomes
http://localhost:8080/myproject/index.jsp.
This is not a big issue. But still I am asking is there anyway to hide this index.jsp in the URL? It should be like when we open the site for the first time(http://localhost:8080/myproject/).
I got the answer finally. Thanks to #Sayem Ahmed for his reply as comments.
I tried this only
response.sendRedirect("/myproject");
After the user has logged in I want to make a redirect if /login is accessed again, so that the user cannot access the login form if he/she is already authenticated.
I am using Jetty 8 and I found in the FormAuthenticator.java:168 method validateRequest that if the user accesses the login or error page, the user is never authenticated, eventhough that might be the case
if (isLoginOrErrorPage(URIUtil.addPaths(request.getServletPath(),request.getPathInfo())))
return Authentication.NOT_CHECKED;
How can I fix this?
This problem was fixed on 2012-08-07. I think Jetty does not work here as intended. For that reason I filed a bug regarding the redirection behavior. Have a look at the latest Jetty 8, it should work now for you, respectively have a look at the fix.
I struggled with the problem that you described for a while...
I tried to use the API of the session, the request and the response to do a redirect when the user is already logged in, but the authentication data for the user is apparently not available from the login page when using Jetty.
I'm totally new to JSP and Jetty (I'm using it for a class assignment), but I made a solution that worked fairly well, even thought it's not the ideal solution.
First, I made a small bypass by adding a variable in my login page to see if the page had already been loaded, by using the following JSP:
<%
if(session.getAttribute("loginLoadedOnce") == "true")
{
response.sendRedirect("/redirect.jsp");
}
else
{
session.setAttribute("loginLoadedOnce", "true");
}
%>
That way, if the attribute is set incorrectly it will let the user try to login. Otherwise, it will redirect to the redirect page. The redirect page will have the user data available and it will be able to see if a user has certain roles.
The JSP code for the redirect page was like this:
<%
if(request.isUserInRole("admin"))
{
String url = response.encodeRedirectURL("admin/AdminPage.jsp");
response.sendRedirect(url);
}
else if(request.isUserInRole("accounting"))
{
String url = response.encodeRedirectURL("/accounting/Mainpage.jsp");
response.sendRedirect(url);
}
else
{
// Here the user has no role that we are aware of.
session.setAttribute("loginLoadedOnce", "false"); // stop redirect loop.
response.sendRedirect("/login.jsp");
}
%>
Here we check the roles of the user and we redirect to the correct page for the role.
As it is right now, the user will have to logout before he can go back to the login page. Every tentative to go back to the login page will end up redirecting, even using the "Back" button of the browser.
Hoping this will help somebody.