 |
 | Home | Contact Us | FAQ | Search & Site Map | Link to Us |
 | Sign In | Join | Other 45 Sites in Network |
Java Forum / General / August 2006How to check whether HttpSession is still valid?
Hello all, I have the following scenario in my Tapestry app. 1) User clicks logout - application servlet invokes proper listener method which obtains session from HttpServletRequest.getSession(false) and invalidates it. (HttpSession.invalidate()) 2) After that, in the same request another method is invoked which excecution depends on whether user session exists and is valid. I have no knowledge that logOut method was invoked earlier. So this method once again queries HttpServletRequest.getSession(false) for session and it gets one (??), the one that was just invalidated. I expected the HttpServletRequest to return null, as the session is already invalid. Now - how can I check if this session is still valid? I cannot find any isValid() method on session, neither I want to keep track of created sessions through HttpSessionListener - I just need a simple answer from servlet container - IS THIS SESSION VALID? This basically boils down to separate invocations of methods: public logOut(HttpServletRequest request) { HttpSession session = request.getSession(false); if (session != null) { session.invalidate(); } } public doSomething(HttpServletRequest request) { HttpSession session = request.getSession(false); //check if the session exists and is valid if (????) { do sth with valid session } } Thanks in advance for any suggestions, Bernard > I have the following scenario in my Tapestry app. > [quoted text clipped - 7 lines] > So this method once again queries HttpServletRequest.getSession(false) > for session and it gets one (??), the one that was just invalidated. Have never tried it to see if it works - but might be worth it to try if request.isRequestedSessionIdValid() returns false. (One would expect it to do so) BK > Have never tried it to see if it works - but might be worth it to try if > request.isRequestedSessionIdValid() returns false. (One would expect it > to do so) Great thanks, I was looking for something like that. I'll try that. > BK Best regards, Bernard > request.isRequestedSessionIdValid() returns false. (One would expect it > to do so) I've tried that and it works fine so far. Thank you Bernard > Hello all, > [quoted text clipped - 17 lines] > sessions through HttpSessionListener - I just need a simple answer from > servlet container - IS THIS SESSION VALID? If the API doesn't provide a flag, you could always manually create one yourself. Store a boolean in the session indicating whether the session is valid or not, and set it to false in the code that handles the log-out. - Oliver > > Hello all, > > [quoted text clipped - 21 lines] > yourself. Store a boolean in the session indicating whether the session is > valid or not, and set it to false in the code that handles the log-out. Slightly tricky - that one.. When you invalidate a session, the container is supposed to remove all attributes stored in the session (And call the valueUnbound() methods of objects that implement the HttpSessionBindingListener interface) - so one might also need to check for the absence of the flag in the session rather than the flag being false. Also, calling getAttribute() on an invalidated session is likely to throw an IllegalStateException which would need to be handled as well. BK BK Free MagazinesGet these publications absolutely FREE for up to 12 months. There are no hidden fees and no obligation. Simply choose a title, complete the application form and submit it. Read more ...
|
Reply to this Message
|
 Sign In
 Join
 My Latest Posts My Monitored Threads My Blog My Photo Gallery My Profile My Homepage Start New Thread Enable EMail Alerts Rate this Thread
|
©2008 Advenet LLC Privacy Policy - Terms of Use
This website includes both content owned or controlled by Advenet as well as content owned or controlled by third parties.