In my grails application running on tomcat 7, Somewhere I am invalidating the existing http session (session.invalidate()) and creating a new session (request.getSession(true)).
But my this new session is not getting reflected everywhere in grails application. Due to this I do get 'Session already invalidated'.
I don't want to do request.getSession() everywhere. I am just using 'session'.
Is there anything in Grails 1.3.7, so that this new session gets reflected every where in app.
Please let me know if you need more info.
Regards
Well, Grails holds the reference to a session object and every time you ask it for a session it returns the same reference.. so if you invalidate a session and then ask for the session it will return the same invalidated session, and cause 'session already invalidated' exception..
This should work for you..
Execute following line Just after you do session.invalidate
//Trick - so that grails doesn't use old invalidated session but rather create new.
GrailsWebRequest.lookup(request).session = null
After that you can use session just as you do normally.. you dont need to create a new session yourself
See this thread for internals
Related
i want to know what is __flexSession attribute in httpsession. Working on an application front is flex, wildfly10 is application server and back end is java. HttpSession has an attribute with name of __flexSession, which has HttpFlexSession object.which seems clone of HttpSession.After invalidation of HttpSession whenever I invalidate HttpFlexSession I got this exception.
java.lang.IllegalStateException: WFLYCLWEBUT0001: Session KvLvpquLBKMYJ_APyZ6jzxhenh3cRIjoZtHkdAf3 is invalid at org.wildfly.clustering.web.undertow.session.DistributableSession.validate(DistributableSession.java:55)
at org.wildfly.clustering.web.undertow.session.DistributableSession.getAttribute(DistributableSession.java:142)
at io.undertow.servlet.spec.HttpSessionImpl.getAttribute(HttpSessionImpl.java:122)
at com.os.sp.web.servlet.SessionInvalidateServlet.doPost(SessionInvalidateServlet.java:58)
at javax.servlet.http.HttpServlet.service(HttpServlet.java:707)
This problem is resolved
"__flexSession" is auto created attribute it contains a session which is replica of main session (parent session).
If you will invalidate the session it will automatically invalidate the session contain by "__flexSession" attribute.
If you will invalidate the session contain by "__flexSession" attribute it will invalidate its parent also.
It’s just a theory but the problem is how you can ensure both sessions are invalidated.
So to overcome this doubt solution is first of all isolate both sessions to each other than invalidate one by one as
I want to change the session ID without invalidating the session after every request to the server and preserve all the session variable without invalidating it.
As i am using single login to restrict the user from multiple login by changing a flag is_login to true at session creation and to false when session is destroyed with the help of session listener. and after every request i am invalidating the session for generation of new session ID. can i change the session without invalidating it in JAVA.
Since Java EE 7 and Servlet API 3.1 (Tomcat 8) you can use HttpServletRequest.changeSessionId() to achieve such behaviour.
There is also a listener HttpSessionIdListener which will be invoked after each change.
On Tomcat, I have the below lines of code
session.invalidate();
session = request.getSession(true);
but the new session is having the same sessionId as the prior one that was invalidated.
What is causing this behaviour? how can I force tomcat to create the session with new session id.
Upon Debugging I see that even though the session object referenced in request becomes null, there is this requestedSessionId attribute in request and the container is just using that id to create the new session, how can I override that functionality?
This problem is resolved with Tomcat version 7.0.72. looking at the change log there are quite a few enhancements and bugs related to sessionID generation being addressed between 7.0.40 and 7.0.72. So one of them probably addressed this.
I'm new to java web development. I have created a servlet/jsp web application that is deployed on Tomcat 7. After authentication, the user go through few page that has its own forms. The inputs are stored as session attributes and are displayed on a confirmation before log out.
For the log out, I used session.invalidate() and sendRedirect("Logout.jsp").
If I run the application again, it will return my new input, but it will also copy all the old session input.
I have disabled the session persistence and put the context cachingAllowed="false".
It seems that all the session attributes are stored in the server memory. Is this problem causes by the server configuration?
Make sure you use request.getSession(boolean b) method and not the request.getSession()
All page that should be accessible to logged in user should make a call to request.getSession(false)
If call to this method does not return any session, user should be redirected to login.
make sure your information store in session like this:
HttpSession session = request.getSession();
session.setAttribute("info", info);
when you want to remove it,you should do it like this:
HttpSession session = request.getSession();
session.removeAttribute("info");
I am trying to learn something about the session mgmt aspects of Spring MVC, and am running this Example. However, the "ResetController" is not resetting the counter of the form object to 0. I'm certain the session is being invalidated (If I call session.invalidate() twice, the 2nd call throws Session already invalidated).
Do I have a misconception, or maybe the blog poster made an error?