How to check whether HttpSession is still valid?

J

juppie

Hello all,

I have the following scenario in my Tapestry app.

1) User clicks logout - application servlet invokes proper listener
method which obtains session from HttpServletRequest.getSession(false)
and invalidates it. (HttpSession.invalidate())

2) After that, in the same request another method is invoked which
excecution depends on whether user session exists and is valid. I have
no knowledge that logOut method was invoked earlier.
So this method once again queries HttpServletRequest.getSession(false)
for session and it gets one (??), the one that was just invalidated.

I expected the HttpServletRequest to return null, as the session is
already invalid.

Now - how can I check if this session is still valid? I cannot find any
isValid() method on session, neither I want to keep track of created
sessions through HttpSessionListener - I just need a simple answer from
servlet container - IS THIS SESSION VALID?

This basically boils down to separate invocations of methods:

public logOut(HttpServletRequest request)
{
HttpSession session = request.getSession(false);

if (session != null) {
session.invalidate();
}
}

public doSomething(HttpServletRequest request)
{
HttpSession session = request.getSession(false);
//check if the session exists and is valid
if (????) {
do sth with valid session
}
}



Thanks in advance for any suggestions,
Bernard
 
B

Babu Kalakrishnan

juppie said:
I have the following scenario in my Tapestry app.

1) User clicks logout - application servlet invokes proper listener
method which obtains session from HttpServletRequest.getSession(false)
and invalidates it. (HttpSession.invalidate())

2) After that, in the same request another method is invoked which
excecution depends on whether user session exists and is valid. I have
no knowledge that logOut method was invoked earlier.
So this method once again queries HttpServletRequest.getSession(false)
for session and it gets one (??), the one that was just invalidated.
Click to expand...

Have never tried it to see if it works - but might be worth it to try
if request.isRequestedSessionIdValid() returns false. (One would expect
it to do so)

BK
 
J

juppie

Babu said:
juppie wrote:
Have never tried it to see if it works - but might be worth it to try if
request.isRequestedSessionIdValid() returns false. (One would expect it
to do so)
Click to expand...

Great thanks, I was looking for something like that. I'll try that.
BK
Click to expand...

Best regards,
Bernard
 
O

Oliver Wong

juppie said:
Hello all,

I have the following scenario in my Tapestry app.

1) User clicks logout - application servlet invokes proper listener
method which obtains session from HttpServletRequest.getSession(false)
and invalidates it. (HttpSession.invalidate())

2) After that, in the same request another method is invoked which
excecution depends on whether user session exists and is valid. I have
no knowledge that logOut method was invoked earlier.
So this method once again queries HttpServletRequest.getSession(false)
for session and it gets one (??), the one that was just invalidated.

I expected the HttpServletRequest to return null, as the session is
already invalid.

Now - how can I check if this session is still valid? I cannot find any
isValid() method on session, neither I want to keep track of created
sessions through HttpSessionListener - I just need a simple answer from
servlet container - IS THIS SESSION VALID?
Click to expand...

If the API doesn't provide a flag, you could always manually create one
yourself. Store a boolean in the session indicating whether the session is
valid or not, and set it to false in the code that handles the log-out.

- Oliver
 
B

Babu Kalakrishnan

Oliver said:
If the API doesn't provide a flag, you could always manually create one
yourself. Store a boolean in the session indicating whether the session is
valid or not, and set it to false in the code that handles the log-out.
Click to expand...

Slightly tricky - that one..

When you invalidate a session, the container is supposed to remove all
attributes stored in the session (And call the valueUnbound() methods
of objects that implement the HttpSessionBindingListener interface) -
so one might also need to check for the absence of the flag in the
session rather than the flag being false. Also, calling getAttribute()
on an invalidated session is likely to throw an IllegalStateException
which would need to be handled as well.

BK

BK
 

Ask a Question

Want to reply to this thread or ask your own question?

You'll need to choose a username for the site, which only take a couple of moments. After that, you can post your question and our members will help you out.

Ask a Question

Similar Threads

No action instance for path /welcomeAction could be created 0
How to check whether malloc has allocated memory properly in case ifmalloc(0) can return valid point 83
How to start a new session in JSP? 0
Authorization filter,2 questions... 1
Issue with passing fetched data to POST form. How can I? 0
How to get HttpSession object in servlet without HttpServletRequest object 3
Session Data Crossover Issue! Please Help !!! 1
How to instantiate HttpRequest Object in class level 3

Members online

No members online now.
Total: 35 (members: 0, guests: 35)
Robots: 225

Forum statistics

Threads
473,755
Messages
2,569,537
Members
45,022
Latest member
MaybelleMa

Latest Threads

Top