How to check whether HttpSession is still valid?

Discussion in 'Java' started by juppie, Aug 29, 2006.

  1. juppie

    juppie Guest

    Hello all,

    I have the following scenario in my Tapestry app.

    1) User clicks logout - application servlet invokes proper listener
    method which obtains session from HttpServletRequest.getSession(false)
    and invalidates it. (HttpSession.invalidate())

    2) After that, in the same request another method is invoked which
    excecution depends on whether user session exists and is valid. I have
    no knowledge that logOut method was invoked earlier.
    So this method once again queries HttpServletRequest.getSession(false)
    for session and it gets one (??), the one that was just invalidated.

    I expected the HttpServletRequest to return null, as the session is
    already invalid.

    Now - how can I check if this session is still valid? I cannot find any
    isValid() method on session, neither I want to keep track of created
    sessions through HttpSessionListener - I just need a simple answer from
    servlet container - IS THIS SESSION VALID?

    This basically boils down to separate invocations of methods:

    public logOut(HttpServletRequest request)
    {
    HttpSession session = request.getSession(false);

    if (session != null) {
    session.invalidate();
    }
    }

    public doSomething(HttpServletRequest request)
    {
    HttpSession session = request.getSession(false);
    //check if the session exists and is valid
    if (????) {
    do sth with valid session
    }
    }



    Thanks in advance for any suggestions,
    Bernard
     
    juppie, Aug 29, 2006
    #1
    1. Advertising

  2. juppie wrote:
    >
    > I have the following scenario in my Tapestry app.
    >
    > 1) User clicks logout - application servlet invokes proper listener
    > method which obtains session from HttpServletRequest.getSession(false)
    > and invalidates it. (HttpSession.invalidate())
    >
    > 2) After that, in the same request another method is invoked which
    > excecution depends on whether user session exists and is valid. I have
    > no knowledge that logOut method was invoked earlier.
    > So this method once again queries HttpServletRequest.getSession(false)
    > for session and it gets one (??), the one that was just invalidated.
    >


    Have never tried it to see if it works - but might be worth it to try
    if request.isRequestedSessionIdValid() returns false. (One would expect
    it to do so)

    BK
     
    Babu Kalakrishnan, Aug 29, 2006
    #2
    1. Advertising

  3. juppie

    juppie Guest

    Babu Kalakrishnan wrote:
    > juppie wrote:
    > Have never tried it to see if it works - but might be worth it to try if
    > request.isRequestedSessionIdValid() returns false. (One would expect it
    > to do so)


    Great thanks, I was looking for something like that. I'll try that.

    > BK


    Best regards,
    Bernard
     
    juppie, Aug 29, 2006
    #3
  4. juppie

    Oliver Wong Guest

    "juppie" <> wrote in message
    news:ed1810$g3b$...
    > Hello all,
    >
    > I have the following scenario in my Tapestry app.
    >
    > 1) User clicks logout - application servlet invokes proper listener
    > method which obtains session from HttpServletRequest.getSession(false)
    > and invalidates it. (HttpSession.invalidate())
    >
    > 2) After that, in the same request another method is invoked which
    > excecution depends on whether user session exists and is valid. I have
    > no knowledge that logOut method was invoked earlier.
    > So this method once again queries HttpServletRequest.getSession(false)
    > for session and it gets one (??), the one that was just invalidated.
    >
    > I expected the HttpServletRequest to return null, as the session is
    > already invalid.
    >
    > Now - how can I check if this session is still valid? I cannot find any
    > isValid() method on session, neither I want to keep track of created
    > sessions through HttpSessionListener - I just need a simple answer from
    > servlet container - IS THIS SESSION VALID?


    If the API doesn't provide a flag, you could always manually create one
    yourself. Store a boolean in the session indicating whether the session is
    valid or not, and set it to false in the code that handles the log-out.

    - Oliver
     
    Oliver Wong, Aug 29, 2006
    #4
  5. Oliver Wong wrote:
    > "juppie" <> wrote in message
    > news:ed1810$g3b$...
    > > Hello all,
    > >
    > > I have the following scenario in my Tapestry app.
    > >
    > > 1) User clicks logout - application servlet invokes proper listener
    > > method which obtains session from HttpServletRequest.getSession(false)
    > > and invalidates it. (HttpSession.invalidate())
    > >
    > > 2) After that, in the same request another method is invoked which
    > > excecution depends on whether user session exists and is valid. I have
    > > no knowledge that logOut method was invoked earlier.
    > > So this method once again queries HttpServletRequest.getSession(false)
    > > for session and it gets one (??), the one that was just invalidated.
    > >
    > > I expected the HttpServletRequest to return null, as the session is
    > > already invalid.
    > >
    > > Now - how can I check if this session is still valid? I cannot find any
    > > isValid() method on session, neither I want to keep track of created
    > > sessions through HttpSessionListener - I just need a simple answer from
    > > servlet container - IS THIS SESSION VALID?

    >
    > If the API doesn't provide a flag, you could always manually create one
    > yourself. Store a boolean in the session indicating whether the session is
    > valid or not, and set it to false in the code that handles the log-out.
    >


    Slightly tricky - that one..

    When you invalidate a session, the container is supposed to remove all
    attributes stored in the session (And call the valueUnbound() methods
    of objects that implement the HttpSessionBindingListener interface) -
    so one might also need to check for the absence of the flag in the
    session rather than the flag being false. Also, calling getAttribute()
    on an invalidated session is likely to throw an IllegalStateException
    which would need to be handled as well.

    BK

    BK
     
    Babu Kalakrishnan, Aug 29, 2006
    #5
  6. juppie

    juppie Guest

    Babu Kalakrishnan wrote:

    > request.isRequestedSessionIdValid() returns false. (One would expect it
    > to do so)


    I've tried that and it works fine so far.

    Thank you
    Bernard
     
    juppie, Aug 30, 2006
    #6
    1. Advertising

Want to reply to this thread or ask your own question?

It takes just 2 minutes to sign up (and it's free!). Just click the sign up button to choose a username and then you can ask your own questions on the forum.
Similar Threads
  1. Joerg Hoehle
    Replies:
    0
    Views:
    378
    Joerg Hoehle
    Jan 24, 2007
  2. madhur

    whether this is valid

    madhur, Jun 26, 2004, in forum: C Programming
    Replies:
    19
    Views:
    531
    Dan Pop
    Jun 29, 2004
  3. JB
    Replies:
    1
    Views:
    553
  4. Shivanand Kadwadkar
    Replies:
    83
    Views:
    4,815
    Keith Thompson
    Jan 8, 2011
  5. Gene
    Replies:
    0
    Views:
    449
Loading...

Share This Page