request.getSession() usage


Web tier: servlets, JSP, Web frameworks: request.getSession() usage

  1. request.getSession() usage (3 messages)

    Hi, why request.getSession(true/false) can always return a session object even when expired? Is this behaviour correct?
    What I want is if the session expired, then the session object can also become invalid. Otherwiser how can I judge the session is expired or not?

    Threaded Messages (3)

  2. request.getSession() usage[ Go to top ]

    if (request.getSession().isNew()) {

    This will return true only on the first pass thru the web container. Or, put some object in the session. For example, a 'User' object.

    User user = (User) request.getSession().getAttribute("user");

    if (user == null) {
        //expired session
  3. request.getSession() usage[ Go to top ]

    If your objects (that you store in the HttpSession) implement the HttpSessionBindingListener interface, they will be notifed when they are "unbound" from the session, indicating an expired session.

  4. request.getSession() usage[ Go to top ]

    default behaviour of jsp (jsp 1.1) is participating
    in session. If the session hasn't exist, the JSP
    will create a new one. See JSP spec. 1.1 section, page 45.

    You probably have accessed some jsp(s) before you
    access your servlet. Just set your browser to warn
    you before you accept cookies, and restart your
    browser (close all opening browsers/windows), and
    start a new one. Access a JSP, and you should get
    a warning from your browser.