Deprecated HttpSession.putValue vs HttpSession.setAttribute

Similar Messages

• Where is HttpSession.setAttribute stored?

  I have a jsp that keeps count and is storing the info in a HttpSession object using the setAttribute method(The code is at the bottom). How does the server know I am the same client is before? I am just using http which is stateless. I also don't see any cookies transferring the data back. If I close and reopen, my browser, the incrementing starts all over again. Thanks for helping me understand this better.
  dean
  <%@ page errorPage="errorpage.jsp" %><html>  <head>    <title>Session Example</title>  </head>  <body>    <%      // get a reference to the current count from the session      Integer count = (Integer)session.getAttribute("COUNT");            if ( count == null ) {              // If the count was not found create one        count = new Integer(1);        // and add it to the HttpSession        session.setAttribute("COUNT", count);      }      else {         // Otherwise increment the value        count = new Integer(count.intValue() + 1);        session.setAttribute("COUNT", count);      }        out.println("<b>You have accessed this page: "        + count + " times.</b>");    %>  </body></html>

  also don't see any cookies transferring the data backHow do you say that? Have you checked it using some proxy tool or something?
  It's this way- if cookies are enabled on your browser, each time the browser requests a resource from the same webapp, the browser is sure to send the cookie back(if the server has put one). This won't be a persistent cookie i.e won't be stored on the disk in most cases. If you have proxy tool, yu can see that the browser submits a cookie by name JSESSIONID.
  If cookies are not enabled, url writing willb e used.

• HttpSession.setAttribute( name,object ) object- vector

  In HttpSession we have void setAttribute(name,object)
  and object getAttribute(name
  In this can i set the vector as an object in
  setAttribute(name,object) and retreive the vector by
  casting in the getAttribute(name) ?
  The code ....
  Vector v = new Vector();
  // adding elements in vector
  session.setAttribute(name,vector);
  Vector recV = (Vector)session.getAttribute(name);
  is it possible ?
  Thank you
  elango

  Yes. Session.setAttribute(), ServletContext.setAttribute(), etc. are all dictionary lookups.

• Session.putValue() and session.setAttribute

  do I have to use session.putValue() before using session.setAttribute() and session.getAttribute() ?
  becuase I have one JSP page include one form (action=TheSameJspFile.JSP) several Submit bottuns each Bottun has its Value.
  in the JSP I request the submit value and depends on it doing stuff ...
  each Value I have to get and to set a session Attribute, if I want to putValue it will delete the old value.
  how can I solve this?

  You need to store something in the session before you can retrieve it.
  So, you need to do a setAttribute() to place something in the session. Then you use getAttribute() to retrieve it. DO NOT use putValue as it is deprecated and has been replaced by setAttribute(). DO NOT use getValue() as it is deprecated and has been replaced by getAttribute().

• HttpSession value size limits IE vs. Netscape

  Does anyone know if IE and Netscape have different size limits for binding objects to a current session (ie. HttpSession.setAttribute()). I have some code that executes fine in IE, and terminates Netscape v4.08. I have a feeling that I am binding too much information in the Session for Netscape to handle, but have yet to find any documentation to back this up. Any help?

  I wish that was the problem. When I limit the amount of data that I am binding to the session my code executes fine. But when I store larger amounts, the code kills the Netscape browser itself. The version of Netscape I am testing with is 4.08 and have a feeling that the problem resides somewhere in Netscape's implementation of handling the problem

• Deprecated Message

  Why when I use:
  <jsp:forward page = "<%= FormatUtils.nvl(request.getParameter("servico"), "") %>">
  <jsp:param name = "matricula" value = "<%= FormatUtils.nvl(request.getParameter("matricula"), "") %>" />
  <jsp:param name = "senha" value = "<%= FormatUtils.nvl(request.getParameter("senha"), "") %>" />
  <jsp:param name = "competencia" value = "<%= FormatUtils.nvl(request.getParameter("competencia"), "") %>" />
  </jsp:forward>
  I receive:
  "Documentos.jsp": Warning #: 368 : method encode(java.lang.String) in class java.net.URLEncoder has been deprecated

  "deprecated" means you're not supposed to use that function anymore. You probably upgraded to a more up-to-date version of Java, which has broken all of your old code.
  Go to the Java API documentation websites, look up the function that's giving you problems. Make sure you're looking up the section for the version you're using. Most of the time, all they did was change the name of the method to something more "kool." Such as "enabled" vs. "isEnabled". "putValue" vs. "setAttribute". That kind of crap. Other times, they moved the functionality to a completely different object. "Date" vs. "Calendar". In any event, the documentation generally explains what the "new improved" way of accomplishing something has become.
  Remember, Java people don't give a rats tail for backwards compatibility.

• SetAttribute() makes object serializable Recursively ?

            Hi everyone,
            could anyone answer me whether httpSession.setAttribute(key, very big object)
            makes the object serializable recursively.
            What I mean is, I am storing an object bigObject in http session using setAttribute().
            This bigObject contains several other objects which are not serialized.
            But I have read that setAttribute() makes the object serializable.
            So, does it mean that all the objects stored in bigObject also will be serialized
            thanks,
            jyothi
            

  But you can't serialize an Object that isn't Serializable somewhere in it's
            inheritance. A method can't make an Object Serializable.
            "jyothi" <[email protected]> wrote in message
            news:[email protected]...
            >
            > But i read clearly some where in bea online manual that use
            setAttribute() which
            > makes the object searializable. So I wonder whether this
            setAttribute() does
            > the searlization recursively ?
            >
            > thanks,
            > jyothi
            >
            > "justin" <[email protected]> wrote:
            > >
            > >Cluster requirement is that all objects placed in a session should be
            > >serializable.
            > >So your Big objects with small object which are not serializable is going
            > >to be
            > >a problem.
            > >
            > >"jyothi" <[email protected]> wrote:
            > >>
            > >>Hi everyone,
            > >>
            > >>could anyone answer me whether httpSession.setAttribute(key, very
            > >>big object)
            > >> makes the object serializable recursively.
            > >>
            > >>What I mean is, I am storing an object bigObject in http session using
            > >> setAttribute().
            > >> This bigObject contains several other objects which are not serialized.
            > >>
            > >>But I have read that setAttribute() makes the object serializable.
            > >>
            > >>So, does it mean that all the objects stored in bigObject also will
            > >>be serialized
            > >>?
            > >>
            > >>thanks,
            > >>jyothi
            > >
            >
            

• Warning while using session value

  while i include this section of code in my servlet
  HttpSession session=req.getSession(true);
  session.putValue("login",login);
  i get the following warning
  putValue(java.lang.String,java.lang.Object) in javax.servlet.http.HttpSession has been deprecated
  session.putValue("login",login);
  ^
  can anyone help me and explain why is this warning and how can i get through this
  thank you for ur time

  Use session.setAttribute(name, value) instead of putValue(name, value);
  session.getValue() & putValue() hasve been replaced by getAttribute() and setAttribute(). the parameters are same.
  Regards ,
  Karan

• Session State Replication of Referenced Objects

  Here is question on Clustering and Session state replication:
            Scenario:
            Consider two Session Objects A and B.
            Object A has-a reference to object B.
            So whatever changes done to Object B is reflected in Object A.
            In-memory Session replication happens on every HttpSession.setAttribute() call.
            The question is will the two session objects(A and B) be replicated to the other cluster and will still maintain the reference relationship or will they be two separate objects with same data (in different memory locations).
            regards,
            Jaiganesh

  Ok, I have been meaning to dig into session replication in a bit more detail and your question is a good excuse to do it!
            First stop the docs:
            Bea Docs
            The bits that jump out are under:
            Programming Considerations for Clustered Servlets and JSPs
            1) Session Data Must Be Serializable, so both your objects are serializable.
            2) Use setAttribute to Change Session State In an HTTP servlet that implements javax.servlet.http.HttpSession, use HttpSession.setAttribute (which replaces the deprecated putValue) to change attributes in a session object. If you set attributes in a session object with setAttribute, the object and its attributes are replicated in a cluster using in-memory replication. If you use other set methods to change objects within a session, WebLogic Server does not replicate those changes. Every time a change is made to an object that is in the session, setAttribute() should be called to update that object across the cluster.
            Likewise, use removeAttribute (which, in turn, replaces the deprecated removeValue) to remove an attribute from a session object.
            >Will the reference as shown in the step 3 will be >maintained after replication on the other cluster ?? I >guess not!!
            I don't understand "on the other cluster" There is normally one cluster made up of a few servers. The session state is maintained on one primary server and a secondary server. So you have aObj.a2 = bObj, from the docs I would understand that at the momment you called session.setAttribute the aObj and all its fields provided they are seriliazable will be replicated in Mememory.
            >There the aObj and bObj stored in the two different >session objects will not have a reference relationship >in other words if i change bObj on the other cluster >will the reference a2 of aObj be able see it ??
            This is testing the limits of my understanding, but would have thought if the objects are in different sessions they should not be able to reference each other in the manner I think you are suggesting, so if I access aObj.a2 (an instance of bObj) and changed it in one session it should not affet any other bObj unless bObj is a singleton....I think!
            What say you?

• Session replication at every http request

  Hi everybody
  I'm trying to use ZKoss Framework (www.zkoss.org) to develop a
  web application and deploy it in a Clustered WebLogic Server.
  The main issue I'm facing is that the "state" of the visual interface
  is stored inside the http session, and so, when node that handle
  the http request changes, the state is resetted and then the page changes,
  even if there was no user intervention.
  So I need to replicate the whole session at every http request,
  to prevent strange behaviours when the request handler node's changes.
  Do you know some settings that will force WebLogic Server to replicate the whole
  session at every http request?
  Thanks in advance.
  bye.

  Hi Marco,
  Yes, You are right But You NEED NOT to put setAttribute("key","value")...code in all your JSPs. because if the Attribute data of Session is changed then Automatically it will be replicated (only the Changed Data and not the Data which is unchanged). Even we need not to worry about replicating the Unchanged Data Again...And WebLogic will take care of ChangedData by itself. There is no other alternate solution available in weblogic to do this...Even no such similar Element available in Deployment descriptors as well.
  Actual Link is Broken http://download-llnw.oracle.com/docs/cd/E13222_01/wls/docs90/cluster/failover.html
  Any way i am copy-pasting few Lines from E-Docs (the actual link i am not able to find ..but may be u can open the cached page:
  http://74.125.153.132/search?q=cache:bxTbqJEsQTsJ:download-llnw.oracle.com/docs/cd/E13222_01/wls/docs90/cluster/failover.html+setAttribute+Session+replication+weblogic&cd=6&hl=en&ct=clnk&gl=in
  ---------------------------If you are not able to open the link then please refer to the E-Docs copy-paste content below --------------------------
  Programming Considerations for Clustered Servlets and JSPs
  This section highlights key programming constraints and recommendations for servlets and JSPs that you will deploy in a clustered environment.
  Session Data Must Be Serializable
  To support in-memory replication of HTTP session states, all servlet and JSP session data must be serializable.
  Note:     Serialization is the process of converting a complex data structure, such as a parallel arrangement of data (in which a number of bits are transmitted at a time along parallel channels) into a serial form (in which one bit at a time is transmitted); a serial interface provides this conversion to enable data transmission.
  Every field in an object must be serializable or transient in order for the object to be considered serializable. If the servlet or JSP uses a combination of serializable and non-serializable objects, WebLogic Server does not replicate the session state of the non-serializable objects.
  Use setAttribute to Change Session State
  In an HTTP servlet that implements javax.servlet.http.HttpSession, use HttpSession.setAttribute (which replaces the deprecated putValue) to change attributes in a session object. If you set attributes in a session object with setAttribute, the object and its attributes are replicated in a cluster using in-memory replication. If you use other set methods to change objects within a session, WebLogic Server does not replicate those changes. Every time a change is made to an object that is in the session, setAttribute() should be called to update that object across the cluster.
  Likewise, use removeAttribute (which, in turn, replaces the deprecated removeValue) to remove an attribute from a session object.
  Note:     Use of the deprecated putValue and removeValue methods will also cause session attributes to be replicated.     
  Thanks
  Jay SenSharma
  Edited by: Jay SenSharma on Feb 11, 2010 10:24 PM
  Edited by: Jay SenSharma on Feb 11, 2010 10:26 PM

• What messages are exchanged in InMem Rep ?

  Hello..
            I'm measuring the performance of session state replication..
            I'd like to understand internal process for session replicaton..
            Please let me know
            how many message is exchanged for one replication.
            and if possible how long the message is and what's the content of the
            message in details..
            Thanks in advance..
            

  Cameron Purdy <[email protected]> wrote:
            >> I'm measuring the performance of session state replication..
            >> I'd like to understand internal process for session replicaton..
            >> Please let me know
            >> how many message is exchanged for one replication.
            >> and if possible how long the message is and what's the content of the
            >> message in details..
            > Those details are not provided by BEA. It does not appear that "messages"
            > (as in JMS) are used. Most probably, the protocol is TCP or UDP based, so
            > you can measure packets with a network sniffer. It is widely assumed that
            > only inserted/modified/removed session entries are replicated, and those
            > only at the end of the HTTP request processing.
            I think WLS documenation mentions somewhere that point-to-point (TCP) is
            used for state replication and also it says:
            Use setAttribute to Change Session State
            In an HTTP servlet that implements javax.servlet.http.HttpSession, use HttpSession.setAttribute
            (which replaces the deprecated putValue) to change attributes in a session object. If you set
            attributes in a session object with setAttribute, the object and its attributes are replicated
            in a cluster using in-memory replication. If you use other set methods to change objects within
            a session, WebLogic Server does not replicate those changes. Every time a change is made to an
            object that is in the session, setAttribute() should be called to update that object across the
            cluster.
            Likewise, use removeAttribute (which, in turn, replaces the deprecated removeValue) to remove an
            attribute from a session object.
            > Peace,
            > Cameron Purdy
            > Tangosol, Inc.
            > http://www.tangosol.com/coherence.jsp
            > Tangosol Coherence: Clustered Replicated Cache for Weblogic
            > "dhlee" <[email protected]> wrote in message
            > news:[email protected]...
            >>
            Dimitri
            

• Urgent!!!!!!!HANDLER THREAD PROBLEM

  file name GetName.html
  <html>
  <body>
  <FORM METHOD = POST ACTION = "SaveName.jsp">
  what is your name?
  <INPUT TYPE = TEXT NAME=username SIZE= 20>
  <p><INPUT TYPE= SUBMIT>
  </FORM>
  </BODY>
  </HTML>
  file name SaveName.jsp
  <%
  String name = request.getParameter( "username" );
  session.setAttribute( "theName", name );
  %>
  <HTML>
  <BODY>
  Continue
  </BODY>
  </HTML>
  file name NextPage.jsp
  <html>
  <body>
  Hello, <%=session.getAttribute("theName") %>
  </body>
  </html>
  when I try to execute , SaveName.jsp is generating the following error message. what is the problem? I am using jswdk. please help. I have included tools.jar in classpath. what could be the problem?
  Unhandled error! You might want to consider having an error page to report such
  errors more gracefully
  com.sun.jsp.JspException: Compilation failed:Note: sun.tools.javac.Main has been
  deprecated.
  work\%3A8080%2Fexamples\SaveName_jsp_1.java:71: Method setAttribute(java.lang.St
  ring, java.lang.String) not found in interface javax.servlet.http.HttpSession.
  session.setAttribute( "theName", name );
  ^
  1 error, 1 warning
  at com.sun.jsp.compiler.Main.compile(Main.java:347)
  at com.sun.jsp.runtime.JspLoader.loadJSP(JspLoader.java:135)
  at com.sun.jsp.runtime.JspServlet$JspServletWrapper.loadIfNecessary(JspS
  ervlet.java:77)
  at com.sun.jsp.runtime.JspServlet$JspServletWrapper.service(JspServlet.j
  ava:87)
  at com.sun.jsp.runtime.JspServlet.serviceJspFile(JspServlet.java:218)
  at com.sun.jsp.runtime.JspServlet.service(JspServlet.java:294)
  at javax.servlet.http.HttpServlet.service(HttpServlet.java:840)
  at com.sun.web.core.ServletWrapper.handleRequest(ServletWrapper.java:155
  at com.sun.web.core.Context.handleRequest(Context.java:414)
  at com.sun.web.server.ConnectionHandler.run(ConnectionHandler.java:139)
  HANDLER THREAD PROBLEM: java.net.SocketException: Socket is closed
  java.net.SocketException: Socket is closed
  at java.net.Socket.getInputStream(Socket.java:643)
  at com.sun.web.server.ConnectionHandler.run(ConnectionHandler.java:161)

  Are you using JSWDK 1.0.1? If you are, then the implementation uses the Servlet Spec. 2.1. The set/getAttribute methods were added in 2.2.
  Try using the now-deprecated method putValue like this in SaveName.jsp.
  <%
  String name = request.getParameter( "username" );
  session.putValue( "theName", name );
  %>

• Session/jstl  and load balancing - need expert advice

  After user loggs in, I am getting locale from db and storing it inside userSession along with userLogin. Inside jsp using <fmt> tag to display locale based resource property.
  HttpSession userSession = request.getSession(true);
  userSession.setAttribute("UserLogin", oRS.getString("user_login"));
  Config.set(userSession, Config.FMT_LOCALE, currentLocale);Also using filter after login page to check for User Session. Currently all working fine .
  But if i want to make use of load balancing, whether still it will work?
  1)I understand that if i depend on network config i.e. session request sticks to one server then i believe shld not be a problem
  2)But if that is not the choice then what else ? Client want to make use of serialization technique. I do not know much about it, how to implement it, any sample is greatly appreciated.
  3)what about jstl Config.set(..) whether any changes needed here?
  4)Do i need to change filter code.
  Pls pls help me, i really need expert advice on this.
  regards
  Manisha

  1)If i want cluster server to replicate the session
  then all attributes saved in the session have to be
  serializable.yes.
  2)In docs it is mentioned
  Use setAttribute to Change Session State
  In an HTTP servlet that implements
  javax.servlet.http.HttpSession, use
  HttpSession.setAttribute (which replaces the
  deprecated putValue) to change attributes in a
  session object. If you set attributes in a session
  object with setAttribute, the object and its
  attributes are replicated in a cluster using
  in-memory replication. If you use other set methods
  to change objects within a session, WebLogic Server
  does not replicate those changes. Every time a change
  is made to an object that is in the session,
  setAttribute() should be called to update that object
  across the cluster.
  Whether it means that if I want to store a object
  (which is serializable) e.g. 'String' inside session
  and use setAttribute() method then I do not need to
  make that object implicitly serializable?No, you still need the objects to be serializable.

• Compilation Error for Login code

  hi!
  Can someone help me debug this?
  C:\JRun4\servers\default\default-ear\default-war\WEB-INF\classes>javac -deprecat
  ion Login.java
  Login.java:46: warning: putValue(java.lang.String,java.lang.Object) in javax.ser
  vlet.http.HttpSession has been deprecated
  userSession.putValue("userName", uName);
  ^
  Login.java:26: unreported exception java.sql.SQLException; must be caught or dec
  lared to be thrown
  String uName = validateUser(userId, password);
  ^
  Login.java:66: unreported exception java.lang.ClassNotFoundException; must be ca
  ught or declared to be thrown
  Class.forName("org.gjt.mm.mysql.Driver");
  ^
  2 errors
  1 warning
  import java.io.*;
  import java.sql.*;
  import javax.sql.*;
  import java.lang.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class Login extends HttpServlet{
  public void doPost(HttpServletRequest req, HttpServletResponse res)
                 throws ServletException,IOException{
  String userId = req.getParameter("userId");
  String password = req.getParameter("password");
  ** call a method to validate the password which will return the
  ** User Name for authorized users and null string for un-authorised.
  String uName = validateUser(userId, password);
  // if uName is null .. user is not authorized.
  if (uName == null)
       PrintWriter ot = res.getWriter();
  System.out.println(" Please verify the Userid and password");
  System.out.close();
  else
  // So the user is valid let's create a seesion // for this user.
  HttpSession userSession = req.getSession(true);
  // put the user name session variable.
  userSession.putValue("userName", uName);
  // now we need to transfer the control to welcome.jsp
  RequestDispatcher rd =
       getServletContext().getRequestDispatcher("/welcome.jsp");
  if (rd != null)
       rd.forward(req,res);
  }// end of doPost
  public String validateUser(String inputUserid, String inputPwd)
  throws SQLException{
       String returnString = null;
       Class.forName("org.gjt.mm.mysql.Driver");
  Connection con = DriverManager.getConnection("jdbc:mysql://localhost:3306/test", "test","test");
       Statement stmt = con.createStatement();
       String sql= "select USERID from USERTABLE where USERID = '" +
            inputUserid + "' and PASSWORD = '" + inputPwd +"' ;" ;
       ResultSet rs = stmt.executeQuery(sql);
       if (rs.next())
       returnString = rs.getString("USERID");
       stmt.close();
       con.close();
       return returnString ;
  }// end of servlet class
  Thank you!
  I'm using Win98 , JDK1.3 and Jrun4
  I also have j2sdkee1.2.1
  (if that matters)
  Dewi

  Hi,
  Put try catch block in your code and it will work fine.Please look at the code changes in your code.You find try-catch blocks.
  import java.io.*;
  import java.sql.*;
  import javax.sql.*;
  import java.lang.*;
  import javax.servlet.*;
  import javax.servlet.http.*;
  public class Login extends HttpServlet{
  public void doPost(HttpServletRequest req, HttpServletResponse res)
  throws ServletException,IOException{
  String userId = req.getParameter("userId");
  String password = req.getParameter("password");
  ** call a method to validate the password which will return the
  ** User Name for authorized users and null string for un-authorised.
  String uName = validateUser(userId, password);
  // if uName is null .. user is not authorized.
  if (uName == null)
  PrintWriter ot = res.getWriter();
  System.out.println(" Please verify the Userid and password");
  System.out.close();
  else
  // So the user is valid let's create a seesion // for this user.
  HttpSession userSession = req.getSession(true);
  // put the user name session variable.
  userSession.putValue("userName", uName);
  // now we need to transfer the control to welcome.jsp
  RequestDispatcher rd =
  getServletContext().getRequestDispatcher("/welcome.jsp");
  if (rd != null)
  rd.forward(req,res);
  }// end of doPost
  public String validateUser(String inputUserid, String inputPwd)
  String returnString = null;
  try{
  Class.forName("org.gjt.mm.mysql.Driver");
  }catch(ClassNotFoundException){
  System.out.println("An exception occurred ");
  Connection con = DriverManager.getConnection ("jdbc:mysql://localhost:3306/test", "test","test");
  Statement stmt = con.createStatement();
  try
  String sql= "select USERID from USERTABLE where USERID = '" +
  inputUserid + "' and PASSWORD = '" + inputPwd +"' ;" ;
  ResultSet rs = stmt.executeQuery(sql);
  if (rs.next())
  returnString = rs.getString("USERID");
  stmt.close();
  con.close();
  return returnString ;
  }catch(SQLException sqe){
  System.out.println("SQL Exception "+sqe.getMessage());
  }// end of servlet class
  Cheers,
  Rkanth

• CR Server 2008 / Using openDocument interface with a no-logon wrapper

  Hi, all!
  I had a problem with the openDocument.jsp interface and a no-logon wrapper which took me quite a while to figure out. I'm now posting these results here in the hopes that someone else will find them useful. Of course, if anyone has input how to improve the solution, it's also welcome!
  The system on which this was developed and tested was a vanilla Crystal Reports Server 2008 installation on Tomcat / MySQL / Windows Server 2003.
  The problem was that calls to openDocument interface left sessions open and this quickly led to the situation where all the concurrent access licenses (CALs) were used. It seemed nondeterministic when a session was released; it could have been minutes or hours.
  The solution: write a HTTP session timeout listener which logoffs the CRS-backend session. (The code below has still some dubug output enabled.)
  package fi.niscayah.util;
  import com.crystaldecisions.sdk.framework.IEnterpriseSession;
  import javax.servlet.http.*;
  import java.util.Date;
  import java.util.Enumeration;
  import java.text.SimpleDateFormat;
  public class KillSession implements HttpSessionListener
      public void sessionCreated(HttpSessionEvent event)
          debug("sessionCreated()", event);
      public void sessionDestroyed(HttpSessionEvent event)
          HttpSession session = event.getSession();
          try {
              java.util.Enumeration name = session.getAttributeNames();
              while (name.hasMoreElements()) {
                  String attributeName = (String)name.nextElement();
                  Object attribute = session.getAttribute(attributeName);
                  if((attribute != null) && (attribute instanceof IEnterpriseSession)) {
                      debug("  attribute : " + attributeName);
                      debug("  type      : " + attribute.getClass().getName());
                      IEnterpriseSession ies = (IEnterpriseSession)attribute;
                      ies.logoff();
              debug("sessionDestroyed()", event);
          } catch (Exception ex) {
              debug("sessionDestroyed() exception");
      private void debug(String msg)
          SimpleDateFormat sdf = new SimpleDateFormat("HH:mm:ss");
          String timestamp = sdf.format(new Date());
          System.err.println("[KillSession] [" + timestamp + "] " + msg);
      private void debug(String msg, HttpSessionEvent event)
          HttpSession session = event.getSession();
          String id = session.getId();
          String context = session.getServletContext().getServletContextName();
          debug("[" + context + "] [" + id + "] " + msg);
  (If you want to test the above code, create a .jar package out of it and put it in webapps/OpenDocument/WEB-INF/lib.)
  Next we need to register our listener. I noticed that the openDocument-webapp's web.xml-file already contained a listener definition that claimed to expire enterprise sessions on HTTP timeout. I never saw such results; I tested it by registering my own listener, which only outputted debug information, and then when ever a session timeout happened, I checked the amount of licenses in use via the CMC - it never dropped predictably.
  So, comment out the SessionCleanupListener and add KillSession.
  <!-- SK: Added own listener. -->
  <listener>
      <listener-class>fi.niscayah.util.KillSession</listener-class>
  </listener>
  <!-- SK: Commented out. -->
  <!-- SessionCleanupListener is used to expire the EnterpriseSession when the web session is timeout -->   
  <!-- <listener>
      <listener-class>com.businessobjects.sdk.ceutils.SessionCleanupListener</listener-class>
  </listener> -->
  After the above, change the HTTP session timeout to something more suitable. If you're creating really big reports, one minute might be too little. Also notice, that the value is an approximation. The timeout event might happen just as one minute has passed, but usually it takes more.
  <session-config>
      <session-timeout>1</session-timeout>
  </session-config>
  Now we're good to go and test the openDocument interface. The result should be that every time a HTTP session timeouts, an enterprise session (which was initialized via the openDocument call) is logged off.
  Next the no-logon wrapper.
  I found a lot of examples for logging in automatically, but every one of them exhibited a strange behavior (at least when used in conjunction with the openDocument interface) where the session count was increased by two. A lot of head scratching later, the solution below was devised.
  <%@ page language="java"
      import = "com.crystaldecisions.sdk.framework.CrystalEnterprise,
                com.crystaldecisions.sdk.framework.IEnterpriseSession,
                com.crystaldecisions.sdk.framework.ISessionMgr,
                com.crystaldecisions.sdk.exception.SDKException"
  %>
  <%
  ISessionMgr sessionManager = CrystalEnterprise.getSessionMgr();
  IEnterpriseSession entSession = sessionManager.logon("Guest", "", "<server>:6400", "secEnterprise");
  String entToken = entSession.getLogonTokenMgr().createWCAToken("", 1, 1);
  // So that this can be logged off when the session timeouts
  HttpSession httpSession = request.getSession();
  httpSession.setAttribute("nologon_SESSION", entSession);
  String query = request.getQueryString();        
  String redirectURL = "http://<server>:8080/OpenDocument/opendoc/openDocument.jsp?" +
      query + "&token=" + entToken;
  response.sendRedirect(redirectURL);
  %>
  You can put the above .jsp-file where you like, but I dropped it in webapps/openDocument, since it's no use by itself.
  The use of nologon.jsp is simple: use it as you would openDocument.jsp.
  And there you have it. A word of warning though, if you're not sure what you're doing, I wouldn't recommend trying these things out. And you certainly shouldn't deploy these on a production environment.
  As said before, any input is welcome!

  I'll comment on the BusinessObjects Enterprise logon tokens that you may generate via the Enterprise SDK.
  DefaultToken - this is used for failover - i.e., if the original EnterpriseSession object is destroyed without having logoff() method invoked, the failover can be used to re-connect to Enterprise without redo-ing authentication.  This token is immediately invalidated with EnterpriseSession.logoff().
  CreateLogonToken - token represents an EnterpriseSession independent of the original EnterpriseSession that generates it.  So you should generated the CreateLogonToken and log off the EnterpriseSession before using the token, or you'll have two licenses being used.
  CreateWCAToken - the Web Component Adapter token - this token is tied to the EnterpriseSession used to create it.  If this EnterpriseSession is invalidated, the WCA token can no longer be used.  Since this is essentially re-use of the original EnterpriseSession, license count is not increased with its use.
  So in your application, you're generating the WCA Token, and using the Session Listener to explicitly log off the originating EnterpriseSession.  The SessionCleanupListener is for cleaning up sessions created within InfoView on Web Application Server Session timeout.
  Sincerely,
  Ted Ueda