1

I have written a simple servlet which I want to test so the old session is kept when I refresh the browser. However it doesn't instead it is creating a new session every time I refresh the page. Isn't it supposed to create a new session only when I close the browser? I'm using ServletRunner instead of running it on Tomcat, can that be the problem?

import java.io.*; import javax.servlet.*; import javax.servlet.http.*; public class SessionPlay extends HttpServlet { public void doGet (HttpServletRequest req, HttpServletResponse resp) throws ServletException, IOException { resp.setContentType("text/html"); //Get session object HttpSession session = req.getSession(true); String id = session.getId(); PrintWriter out; String title = "Session play"; // then write the data of the response out = resp.getWriter(); out.println("<html><head><title>"); out.println(title); out.println(id); out.println("</title></head><body>"); out.println("<h1>" + title + "</h1>"); if(session.isNew()) { out.println("<p>Welcome new comer</p>"); out.println("<p>" + id + "</p>"); } else { out.println("<p>Welcome back</p>"); out.println("<p>" + id + "</p>"); } out.println("<form action=SessionPlay method=get>"); out.println("<input type=input name=param1>"); out.println("<input type=submit>"); out.println("</form>"); out.println("</body></html>"); out.close(); } }
Improve this question

1 Answer 1

Reset to default
2

Sessions are maintained by cookies. When a new session is created in server, it will add a cookie to the response which the client is supposed to send back in all subsequent requests in the same session.

However, you're apparently refreshing the initial request by pressing F5 or refresh button in browser. The initial request doesn't contain the session cookie. If you add a link in the HTML which points to the page itself or another page on the same site and click it, you'll see that the session will just be maintained.

One of the ways to go around this is creating a filter which does a redirect when the session is been created.

Update: cookies are disableable and host and context dependent. You need to ensure that cookies are enabled in both webserver (e.g. Tomcat <Context> doesn't have cookies="false") and webbrowser (somewhere in settings) and that the hostname is not an intranet domain (some browsers disallow cookies on naked hostnames) and that it is submitting to the same context (the webapp context name). For hints how to debug cookies, see this answer.

Unrelated to the problem, emitting HTML in a servlet is not the best practice. This job is to be done by a JSP file. Use RequestDispatcher#forward() to forward the request to a JSP file after doing all the necessary Java code actions.

Improve this answer
Sign up to request clarification or add additional context in comments.

1 Comment

not really. In my example above I have a form which send a GET to the same page. However upon reaching the same page again, without refreshing with F5, a new session is created anyway.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.