Hi, why request.getSession(true/false) can always return a session object even when expired? Is this behaviour correct?
What I want is if the session expired, then the session object can also become invalid. Otherwiser how can I judge the session is expired or not?
-
request.getSession() usage (3 messages)
- Posted by: erik wu
- Posted on: August 28 2001 03:00 EDT
Threaded Messages (3)
- request.getSession() usage by Race Condition on August 28 2001 10:29 EDT
- request.getSession() usage by Weston Aiken on August 30 2001 14:21 EDT
- request.getSession() usage by Verdi March on September 13 2001 04:50 EDT
-
request.getSession() usage[ Go to top ]
- Posted by: Race Condition
- Posted on: August 28 2001 10:29 EDT
- in response to erik wu
if (request.getSession().isNew()) {
This will return true only on the first pass thru the web container. Or, put some object in the session. For example, a 'User' object.
User user = (User) request.getSession().getAttribute("user");
if (user == null) {
//expired session
-
request.getSession() usage[ Go to top ]
- Posted by: Weston Aiken
- Posted on: August 30 2001 14:21 EDT
- in response to erik wu
If your objects (that you store in the HttpSession) implement the HttpSessionBindingListener interface, they will be notifed when they are "unbound" from the session, indicating an expired session.
-
request.getSession() usage[ Go to top ]
- Posted by: Verdi March
- Posted on: September 13 2001 04:50 EDT
- in response to erik wu
default behaviour of jsp (jsp 1.1) is participating
in session. If the session hasn't exist, the JSP
will create a new one. See JSP spec. 1.1 section
7.1.1.1, page 45.
You probably have accessed some jsp(s) before you
access your servlet. Just set your browser to warn
you before you accept cookies, and restart your
browser (close all opening browsers/windows), and
start a new one. Access a JSP, and you should get
a warning from your browser.