0

Consider servlet A binds the user to a session like this:

HttpSession session = req.getSession(true);

and that same user soon after performs a request on servlet B which belongs to the same application of servelt A.

At this point When servlet B executes:

HttpSession session = req.getSession(false);

is session null?

Improve this question
3
  • Did you test it? What did you get? Just sysout(session) after that statment.. Commented Oct 13, 2012 at 17:15
  • i get null...but i didn't expect that Commented Oct 13, 2012 at 17:15
  • If that really is happening than there must be something destroying the session in between those two calls. What is session expiration setting? Commented Oct 13, 2012 at 17:21

4 Answers 4

Reset to default
4

Here are the possible reasons for this code to return null:

  • the second call is sent after the session has timed out
  • you restarted the server or redeployed the app between the two calls
  • you restarted your browser between the two calls
  • you used two different browsers or machines to perform the two calls
  • the browser rejects cookies, and you didn't encode your URLs properly for url-rewriting session tracking to work
  • another call between the two calls invalidated the session
  • both servlets are in fact not in the same webapp
Improve this answer
Sign up to request clarification or add additional context in comments.

Comments

1

HttpServletRequest#getSession

true to create a new session for this request if necessary; false to return null if there's no current session

You need to check you receive session id in the request for Second servlet. You can do that using getRequestedSessionId

This can only happen if your session is got invalidated in between two calls or before browser gets session id you have made a call to SeveletB

Improve this answer

2 Comments

But OP used true first to create new session, then used false. That should get him existing session.. But that's not happening. Its returning null.
Yes. This is only possible if session id is not with the browser while making second requests.
0

It actually depends on the order of servlets:

  • if the servlet B will be invoked before A, the the session will not be created
  • if the servlet A will be invoked before B, the session will be created and servlet B will have access to it.

In general, if you want to avoid automatical session creation - you must be sure that the code which uses the session is never executed BEFORE the code which creates the session.

So good practice is to redirect user from servlet B to servlet A if the session is null.

Improve this answer

2 Comments

in my example servlet a is invoked first but does not create a session, then servlet b is invoked and creates a session and finally servlet a is invoked again to use that session created by servlet b.is that not legal ?
servlet A can not execute without creation the session. Something is wrong with your flow.
0

As you have mentioned, servletA is called first and servletB next.

If nothing happens in addition as you have mentioned, you will receive the same session(not null) in servletB which used/created in servletA.

In servletA,

 getSession(true) in servletA means create and return the session if not present otherwise return the existing session

In servletB,

 getSession(false) in servletB means return the existing session if present otherwise return null.

Since you have already created a session in servletA for sure, you will receive not null session in servletB provided nothing happens in between the two calls to wipe-out your session e.g. session expires.

Improve this answer

Comments

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.