I understand that a jsp automatically creates a session but when set to false using page import, its not created.But when i try printing the session id cookie even if the session has been set to false, I don't get a null value.Instead I get a long SessionId value.
I wonder how is this possible.
Related
I am trying to create a cookie and set its max age.
i am using set Comment and set Max Age method to set the same.
HttpSession browserSession = httpRequest.getSession();
Cookie cookie = new Cookie("SESSION", browserSession.getId());
cookie.setComment("test");
cookie.setMaxAge(Integer.MAX_VALUE);
httpResponse.addCookie(cookie);
but when i fetch cookies form Request and then i debug it, comment is null and max age of cookie is -1, the cookie name i am setting as SESSION.
why is this happening?
This is expected behaviour. Take into account that max-age applies to a client-side, but clients will only send to server the pair name value.
So, if you set "3600" to your cookie and add it to the response, you should see that on the cookie from the client side, but the cookie contained on the very next request will show you, probably, -1, on the server side.
See RFC6265 4.2.2 for further information.
On server side I'm using Java and on the client side Ionic1.
I'm setting Java object to session like this:
session.setAttribute("userId", userObj.getUserId());
After setting session i need to get that session in another method, that time I'm using like this
Long userId = (Long) session.getAttribute("userId");
Here if i send request from mobile to server I will get session.getAttribute value.
But I sent request from browser to server that time I will get session.getAttribute value is NULL
Make sure you are calling the getAttribute() only after the session has been created. Its a common mistake to access the session attributes when no session exists.
Basically, validate and make sure session exists and that the attribute value has been set in the application flow before trying to get the session attributes.
HttpSession session = request.getSession(true);
// true will create a session is does not already exists
if(session != null) {
// get your session attributes here.
// Your Session Attributes should be set before you're trying to access them
}
my code,
HttpSession session = request.getSession(false);
// Details.l.info(" 1>>>>session ID is : " + session.getId());
Details.l.info("["+this.getClass()+"]"+"request from "+request.getRemoteHost());
if(session==null){
session = request.getSession(true);
Details.l.info("["+this.getClass()+"]"+"Session Created!!!!!!!!!!!!!!!!!!!#####$####");
Details.l.info(" 2>>>>>session ID is : " + session.getId());
}
Details.l.info(" 3>>>>>session ID is : " + session.getId());
// System.out.println("session ID is : " + session.getId());
Details DTO = new Details(request);
String loc = DTO.findMyLocation();
session.invalidate();
here, i am creating a session at the very beginning of the servlet with a logic that if the session already exists, then give hat session ID for that particular user or if a session does not exist for this particular user, please create a new session and then give the new session ID, here the new session is created inside the IF condition and i have tested in all possible ways (i have used two different systems and tried hitting to the servlet on one system too) but the control never gets into this loop where the session is getting created. but i see every time i hit to the servlet i get a new session ID!!! can someone please exlain this behavior of my servlet?? i am very new to sessions and servlets!!
Thanks in Advance..
JSPs implicitely create a session, unless session is set to false in the page directive:
<%# page session="false" %>
That's why your servlet always sees an already existing session. Simply enter the address of the servlet in the browser address bar (provided the code you posted is in the doGet() method), instead of going through the JSP to invoke it, and you should see the servlet create a new session.
EDIT: note that the spec says about this session attribute that it can be used to specify that the JSP doesn't participate in the session. Nothing guarantees that no session will be created when invoking the JSP. Only that, if you try to access the session from this JSP, you'll get an exception.
You may want to use request.getSession(true) to always create a session.
In my application I want to update the jsessionid value from sessionid to quit or null. I'm performing following actions to do this thing but it is not working fine.
Cookie cookie = new Cookie("JSESSIONID","quit");
cookie.setDomain(domain);
cookie.setPath("/"+path);
cookie.setMaxAge(0);
reponse.addCookie(cookie);
and tried with set-cookie in headers also. I'm not able to change the cookie value. Temporarily, I am overriding with javascript, but it won't work if we enable cookie as httpOnly; and one question am I able to change the value of jsessionid if it is marked as secure.
I have multiple applications so multiple jsessionids are creating I tried to set/update those values by adding above code in response to update.
When I observed in Firefox the jsessionid is still there and continuing for next request cycle also. How can I change the jsessionid value through java. I can update with javascript but the cookies are enabled with HttpOnly flag to true.
Hi in jsp of JavaScript i am checking userdId in session or not it always have session id if session expires also, but i checked in java Action class after session expires userid is null but not in jsp. code link
Try alerting the sessionId in your javascript code. You will find that the sessionId is different after the old one has expired.
Also check what the code is doing when a new session is created. It might be setting the userid in the new session.