HttpRequest.getSession(boolean create) is broken in WL 5.1

Similar Messages

• Httprequest.getSession(false) creating a NEW Session

  I am working on a web application which uses STRUTS. All the client requests are directed to loginaction class.
  Any resource in the application, is accessed thru the action class.
  Overview: In the action class, i am checking if there is any session associated with the new user using
  session = request.getSession(false);
                    if (session != null) {
        if (session.isNew()) {
        logger.info("New Session Created [" + session.getId() + "]");
        } else {
        logger.info("Session EXIST'S ["+ session.getId()
       + "], Retreiving user from session");
                     }According to the Servlets 2.2 API:
  public HttpSession getSession(boolean create) Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
  If create is false and the request has no valid HttpSession, this method returns null.
  if (session.isNew()) ,
  this if statement should return false and be skipped, as session = request.getSession(false);wont create a new session. When i parse the logs, I see the log statement, "New Session Created ". Which makes me wonder, that a new session is being created
  Problem: When i debug, i see that container is creating a new session if the session doesnt exist. According to API mentioned above, it should not create a new session. It should return null.
  Did anyone had a similar issue? While researching i found this article that using struts, the container creates a default session.
  I found this article: http://www.theserverside.com/discussions/thread.tss?thread_id=21643
  Environment: IDE:WSAD5.1, Appserver:Websphere, Browser:IE 6.0, Struts, JSP, JSTL

  Hi,
  We have two appliactions. Our application say B is uses authentication mechanism provided by say A.
  So the user, is presented a login page by application A. Once they are authenticated, without the knowledge of user, its being forwarded to our application say B.
  Once he is in our application, he can navigate in our application, say,
  he goes from page1 to page2. page1 is the main page. Now browser caching is enabled. When he hits the back button to access page1, browser is sending a new request to our applicaiton insted of furnising form local cache( this is another issue). Even though a new request is sent, all the requests are routed thru a struts controller action class. Now in the action class, we check if its a new session or not.
  request.getSession(false). Since the user is an old user, it shouldnt create any new session.
  As per your suggestion, where should i put the directive in the jsp to not to create a default session?. In page1 which is the main page?.
  How should i implemnt the session listener interface. Do u have any templates or code snippets?.
  Any suggestions?

• Difference between getSession() and getSession(boolean)

  What is the difference between sessionObj.getSession() and sessionObj.getSession(true)?

  The reason would be if you wanted to check if the user had a session but didn't want to create a new session if they didn't.
  i.e.
  HttpSession session = request.getSession(false);                    
  if (session == null) { // we know the user hasn't got a session and we haven't created one for them
      response.sendRedirect("login.jsp"); // make them login
      return;
  }

• Null returned from request.getSession( true )

  It is my understanding that when you call getSession on an instance of
            HttpServletRequest with a parameter of true, it should return the existing
            session (if there is one) or a new session. It should never return null.
            Unfortunately, that is exactly what we are seeing. Has anybody else had a
            similar problem? We've seen it three times at this point. It only seems to
            happen after stress or extended usage of the WebLogic server (several days).
            After null is returned, it is always returned until you restart the server.
            We are running WebLogic 4.5.1 (service pack 2) with clustering and in-memory
            replication of session data. We use jview (Microsoft's VM) on Windows NT
            Server 4.0 (service pack 6).
            Thanks,
            Walter Bodwell
            Evity, Inc.
            

  Copied from the API:
            getSession
            public HttpSession getSession(boolean create)
            Returns the current HttpSession associated with this request or, if
            necessary, creates a new session for the request. Use true for create to
            create a new session, or false to return the current HttpSession.
            If create is false and the request has no valid HttpSession, this method
            returns null.
            To make sure the session is properly maintained, you must call this method
            at least once before you write any output to the response. Newly created
            sessions (that is, sessions for which HttpSession.isNew returns true) do not
            have any application-specific state.
            Parameters:
            true - to create a new session for this request; false to return the current
            session
            Returns:
            the HttpSession associated with this request or null if create is false and
            the request has no valid session
            getSession
            public HttpSession getSession()
            Returns the current session associated with this request, or if the request
            does not have a session, creates one.
            Returns:
            the HttpSession associated with this request
            Hope that helps,
            -Andrew
            Walter Bodwell <[email protected]> wrote in message
            news:[email protected]...
            > The spec itself is not very clearly written, but seems to imply that
            > getSession( true ) only creates a session if there is not one already
            > associated with the request:
            >
            > getSession
            >
            > Returns the current valid session associated with this request. If this
            > method is called with no arguments, a session will be created for the
            > request if there is not already a session associated with the request. If
            > this method is called with a boolean argument, then the session will be
            > created only if the argument is true.
            >
            > The API documentation is much more clear (the important words being if
            > necessary):
            >
            > public abstract HttpSession getSession(boolean create)
            >
            > Gets the current valid session associated with this request, if create is
            > false or, if necessary, creates a new session for the request, if create
            is
            > true.
            >
            > Walter
            >
            > Andrew Robinson <[email protected]> wrote in message
            > news:[email protected]...
            > > In 2.1 getSession(true) ALWAYS creates a new session, getSession(false)
            > > returns the current session (or null).
            > > With getSession(), it returns the existing session, or creates a new one
            > if
            > > there is not one. Check out the API, very important difference.
            > >
            > > -Andrew
            > >
            > >
            > > Walter Bodwell <[email protected]> wrote in message
            > > news:[email protected]...
            > > > Doesn't getSession() just call getSession( true )? The descriptions
            for
            > > the
            > > > two sound identical.
            > > >
            > > > Thanks,
            > > > Walter
            > > >
            > > > Andrew Robinson <[email protected]> wrote in message
            > > > news:[email protected]...
            > > > > Try using getSession(), no arguments, it is in the 2.1 servlet spec
            > > > >
            > > > > Walter Bodwell <[email protected]> wrote in message
            > > > > news:[email protected]...
            > > > > > It is my understanding that when you call getSession on an
            instance
            > of
            > > > > > HttpServletRequest with a parameter of true, it should return the
            > > > existing
            > > > > > session (if there is one) or a new session. It should never
            return
            > > > null.
            > > > > > Unfortunately, that is exactly what we are seeing. Has anybody
            else
            > > had
            > > > a
            > > > > > similar problem? We've seen it three times at this point. It
            only
            > > > seems
            > > > > to
            > > > > > happen after stress or extended usage of the WebLogic server
            > (several
            > > > > days).
            > > > > > After null is returned, it is always returned until you restart
            the
            > > > > server.
            > > > > >
            > > > > > We are running WebLogic 4.5.1 (service pack 2) with clustering and
            > > > > in-memory
            > > > > > replication of session data. We use jview (Microsoft's VM) on
            > Windows
            > > > NT
            > > > > > Server 4.0 (service pack 6).
            > > > > >
            > > > > > Thanks,
            > > > > > Walter Bodwell
            > > > > > Evity, Inc.
            > > > > >
            > > > > >
            > > > >
            > > > >
            > > >
            > > >
            > >
            > >
            >
            >
            

• Session - getSession(true)

  I have two servlet . In first sevrlet i m creating a session and i am using setAttribute(uname,"abc"). Then i m redirecting to second servlet . In second servlet i have getSession(true). That means i m creating a new session. Then i am giving :
  if (session != null)
  String name = (String) session.getAttribute("uname");
  // some more code here
  else
  out.println("You are not authorised to access this information");
  Since it is new session, 'else' code should be executed , but its going in 'if' condition..

  There are two methods from which you can get HttpSession object
  HttpServletRequest.getSession()
  Returns the current session associated with this request, or if the request does not have a session, creates one.
  HttpServletRequest.getSession(boolean create)
  Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
  If create is false and the request has no valid HttpSession, this method returns null.
  To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
  regards,

• Servlet Session

  Hi all,
  What is the difference between
  getSession() and getSession(false)

  getSession(), creates a session if one does not already exists.
  getSession(boolean create), returns a session if one exists, if one doesn't the it will create one if the argument is true, else it returns null.

• GetSession()

  hi to @ll,
  while getSession is used like:
  method (HttpServletRequest request,
  HttpServletResponse response, ...)
  HttpSession session = request.getSession();
  iAS server responses:
  java.lang.NoSuchMethodError: javax.servlet.http.HttpServletRequest: method getSession()Ljavax/servlet/http/HttpSession; not found
  any idea?
  thanks anyway,
  marcos.

  shaolinf wrote:
  Hi Guys
  How does the true or false in the getSession() attribute affect its state?[HttpServletRequest.getSession(boolean)|http://java.sun.com/j2ee/1.4/docs/api/javax/servlet/http/HttpServletRequest.html#getSession(boolean)]
  Affects the state of what?
  A method does not have a state.
  If there already is a session - there is no state change.
  If there is no session yet - a session is created if the argument is true.

• Creating pdf file from excel worksheet and save file in a macro created folder.

  Hi I have 3 worksheets and I want to conditionally convert them into a pdf file and than save said file into a folder that the macro will create if not already existing and name it with content of cell A1. So my question is if it is possible to do that with
  the following program?
  Thanks.
  Sub PrintStuff()
  Dim vShts As Variant
  Dim strFileName As String
  vShts = Sheets(1).Range("A1")
  If Not IsNumeric(vShts) Then
  Exit Sub
  Else
  ' Change path and filename as desired
  strFileName = "C:\MyFolder\MySubfolder\MyFile.pdf"
  If strFileName <> "False" Then
  Select Case vShts
  Case 1
  Sheets("Sheet1").Select
  Case 2
  Sheets("Sheet2").Select
  Case 3
  Sheets(Array("Sheet1", "Sheet2")).Select
  End Select
  ActiveSheet.ExportAsFixedFormat Type:=xlTypePDF, _
  Filename:=strFileName, _
  OpenAfterPublish:=False
  End If
  End If
  End Sub

  Option Explicit
  Sub PrintStuff()
  Dim Path As String, FileName As String
  Dim ThisSheet As Variant
  Dim MySheets As Variant
  Path = "C:\MyFolder\MySubfolder\"
  FileName = "MyFile.pdf"
  If Not FolderCreate("C:\MyFolder\MySubfolder") Then
  MsgBox "Can not create folder"
  Exit Sub
  End If
  Select Case Range("A1")
  Case 1
  Set MySheets = Sheets("Sheet1")
  Case 2
  Set MySheets = Sheets("Sheet2")
  Case 3
  Set MySheets = Sheets(Array("Sheet1", "Sheet2"))
  Case Else
  MsgBox "Uuups."
  Exit Sub
  End Select
  Set ThisSheet = ActiveSheet
  MySheets.Select
  ActiveSheet.ExportAsFixedFormat xlTypePDF, Path & FileName, OpenAfterPublish:=False
  ThisSheet.Select
  End Sub
  Private Function FolderCreate(ByVal Path As String) As Boolean
  'Creates a complete sub directory structure
  Dim Temp, i As Integer
  On Error GoTo ExitPoint
  If Dir(Path, vbDirectory) = "" Then
  If Right$(Path, 1) = "\" Then Path = Left$(Path, Len(Path) - 1)
  If Left$(Path, 2) = "\\" Then
  i = InStr(3, Path, "\")
  Temp = Split(Mid$(Path, i + 1), "\")
  Temp(0) = Left$(Path, i) & Temp(0)
  Else
  Temp = Split(Path, "\")
  End If
  Path = ""
  For i = 0 To UBound(Temp)
  Path = Path & Temp(i) & "\"
  If Dir(Path, vbDirectory) = "" Then MkDir Path
  Next
  End If
  FolderCreate = True
  ExitPoint:
  End Function

• ADF 10g:HttpServletRequest.getSession vs ExternalContext.getSession

  Hi all,
  I'm reviewing some code in our application and I would like to confirm my understanding of how to properly use session attributes on the view layer.
  In my servlet doFilter method I get my session using:
  HttpSession session = servletRequest.getSession(true);
  I also came across this blog post:
  http://andrejusb.blogspot.com/2012/01/how-to-access-session-scope-in-adf-bc.html
  which calls getSession from FacesContext.getCurrentInstance().getExternalContext.getSession
  http://docs.oracle.com/cd/E17802_01/j2ee/j2ee/javaserverfaces/1.2/docs/api/javax/faces/context/ExternalContext.html#getSession(boolean)
  Am I correct in my understanding that according to the javadoc, the getExternalContext.getSession returns the same HttpSession object as in HttpServletRequest.getSession?
  Many thanks
  Wes

  Hi,
  yes, this is correct
  Frank

• Iscsi multipath issue---all session only created base the first NIC

  Hello everyone, I had a X86 host(x4200) with solaris 10 u6 and 2 Intel NICs, and the array is Equallogic PS5000, for Equallogic array only have one group IP and only one target port id:3260, so after I congiured all host NIC and the array group IP in the same subnet, then I did:
  1.iscsiadm add discover-address ARRAY GROUP IP;
  2.iscsiadm modify initiator-node -c 2;
  3,iscsiadm modify discovery -t enable -s enable,
  I found that every iSCSI session created base NIC1-----only after I disable NIC1 then all session created base NIC2, not one session base NIC1 and one session base NIC2, what's the problem?
  I had trid to do iscsiadm modify target-param -c NIC1IP.NIC2IP targetname, and it no help too.
  Did you have experiment on it?Any reply is very appreciated.

  Since user in logging again from the same machine so i think invalidating the previous session won't work.
  Suppose user opens first instance of the mozilla browser and login as say 'ashok' whose role is normal user now he opens another instance of mozilla by clicking on executable and login as 'mitch' whose role is admin then after successful login of 'mitch' on first window mitch's menus items are getting displayed instead of ashok's.
  What i am doing is,
  While creating new session on login i first check is any existing session available in above case its true
  session = request.getSession(false); //return session if already exists
  System.out.println("Session object: "+session);
  if(session != null)
  System.out.println("Session ID Old: "+session.getId());
  session.invalidate(); //invalidate the session if already exists
  session = request.getSession(true); //Create new session
  System.out.println("Session ID New: "+session.getId());
  so control will go inside the if block, here i first invalidate the existing session (this is not destroying the session but only unbinding the information that was stored in the session) and create new session (this is returning the same session which was already exists) and save mitch's information. Since the previous instance was using the same session that will now get the mitch's information so now both instances will show the mitch's information.
  I am not getting any way to destroy the existing session so next time new session id will get generated.

• SQL Developer SDK wiki(for extensions development) link broken

  Hi,
  I would like to develop an extension for Oracle SQL Developer. I searched around the web for extension development API but couldn't find any working links.
  The link http://wiki.oracle.com/page/SQL+Dev+SDK+Getting+Started
  in the forum sticky as well as
  the main extensions development page http://www.oracle.com/technetwork/developer-tools/sql-developer/extensions-083825.html#create
  is broken.
  Any help would be much appreciated. Thanks.

  Hi,
  Is there any wiki link that I can use for extension development?

• Use property nodes to change the state of a boolean through time

  I want to be able to switch the value from a boolean control, using property nodes, so that if the time elapsed is equal to 0,1 ,2 ,3 s, it should be false and if the time is equal o.5,1.5,2.5 s, the value should be true.
  Can some one tell me how to do this with propert nodes or with any other method?
  Thanks in advance!

  -Check this link for ideas on how to make loop run for specific period of time.
  http://forums.ni.com/t5/LabVIEW/how-to-make-a-loop-run-for-specific-period-of-time/td-p/1641018
  -To change value using property node>>right click boolean>>create>>Property node>>value>> Change it to write.
  -Forget about specific period of time, first learn to change the value of boolean programmatically.
  Thanks
  uday,
  Please Mark the solution as accepted if your problem is solved and help author by clicking on kudoes
  Certified LabVIEW Associate Developer (CLAD) Using LV13

• Can not create a file under \window\system32 folder

  How do I create a folder in \windows\system32 in x64 machine through java code?
  Creating a file/folder under \windows\system32 fails and java creates a folder in \windows\syswow64 folder.
  pls see the code attached for example.
  My client wants to create a folder using my application.
  I dont want to use any native code suggested by microsoft. You can see in the following link
  http://msdn2.microsoft.com/en-us/library/aa365743(VS.85).aspx
  import java.io.*;
  public class FileTest{
       FileTest(){
            boolean created = writeFile();
            if (created)
                 System.out.println("File Created Successfully");
            else
                 System.out.println("Could not able to create the file");
       public static void main (String args[]){
            FileTest ft = new FileTest();
       public boolean writeFile(){
            try{
            Writer output = null;
            String text = "Sample Test File";
            if(!(new File("c:\\windows\\system32\\customFIle").exists())){
                 new File("c:\\windows\\system32\\customFIle").mkdirs();
            File file = new File("c:\\windows\\system32\\customFIle\\write.txt");
            output = new BufferedWriter(new FileWriter(file));
            output.write(text);
            output.close();
            return true;
            }catch(IOException ioex){
                 System.out.println(ioex);
            return false;
  Thanks in advance

  java_mani wrote:
  How do I create a folder in \windows\system32 in x64 machine through java code?Can the user that executes this Java code create "manually" a folder in that directory?
  Creating a file/folder under \windows\system32 fails and java creates a folder in \windows\syswow64 folder.
  pls see the code attached for example.
  My client wants to create a folder using my application.
  I dont want to use any native code suggested by microsoft. You can see in the following link
  http://msdn2.microsoft.com/en-us/library/aa365743(VS.85).aspx
  Why not?

• Orphaned files - broken links - URGENT

  Hi everyone
  I am currently going through and deleting 675 orphaned files
  and files that are old although if they create a broken link after
  deletion this will not show when I re run the link checker even
  though I know they are. Does anyone know why this is? I can't keep
  deleting things if it is going to create a broken link within the
  site. Also, is there any way of finding out where an individual
  document is located on the site if at all?
  Second issue is that orphaned files that I have deleted in
  both the local site and remote site are still coming up when I do
  the link check. Why is this so and how can I get them removed from
  the orphaned files list?
  Please help
  Merry

  many of the people offering answers use the NNTP newsgroup
  reader version.
  the webforum has been flaky lately i think.
  Here's my reply from a while ago-
  after deleting files- recreate the site cache.
  It's under the site menu on older versions, under
  site-->advanced on newer.
  dw's link checker checks html links, and links in "behaviors"
  that it
  understands.
  it will not check links in most javascript.
  What's an example of a broken link that dw didn't warn of
  when deleting the
  reported orphan? �url address to the page??
  and here are links to a google archive of the newsgroup.
  http://groups.google.com/group/macromedia.dreamweaver/search?group=macromedi
  a.dreamweaver&q=Orphaned+files+-+broken+links+-+URGENT&qt_g=1&searchnow=Sear
  ch+this+group
  http://groups.google.com/group/macromedia.dreamweaver/browse_frm/thread/3b1c
  2e1950cbb577/9ed3b0a716f876c5?lnk=gst&q=Orphaned+files+-+broken+links+-+URGE
  NT&rnum=1#9ed3b0a716f876c5
  > Hi Murray
  >
  > It's just that it says there are 9 posts regarding my
  original question
  > although when I open it up they don't show.
  >
  > Merry :)

• JAAS: how to login / logout programmatically?

  Dear All,
  i am writing a web application.
  i have created a JSF login form for authentication. the application use JASS mechanism for pages protection.
  i want to use the oracle's prebuild loginmodule (class name is
  "oracle.security.jazn.login.module.LDAPLoginModule") to authenticate user from LDAP server.
  to authenticate the user, my code in the backing bean for the login are:
  public String authenticate()
  MyCallbackHandler callback = new MyCallbackHandler();
  callback.setName("name");
  callback.setPassword("password");
  //create a logoncontext for specific login module, and callbackhandler
  LoginContext ctx = new LoginContext("name of configuration", callback );
  //login
  ctx.login();
  callback handler code:
  public class MyCallbackHandler implements javax.security.auth.callback.CallbackHandler
  private String name = "";
  private String password = "";
  public void setName(String name)
  this.name = name;
  public void setPassword(String password)
  this.password = password;
  public void handle(Callback[] callbacks)
  for(Callback c : callbacks)
  if (c instanceof NameCallback)
  ((NameCallback)c).setName(name);
  else if(c instanceof PasswordCallback)
  ((PasswordCallback)c).setPassword(password.toCharArray());
  the login method SEEMS succeed as no exception thrown.
  but the HttpServletRequest.getUserPrincipal() return null and whenever i visit other
  protected page (after calling the logincontext.login())...i was redirected to the login page ...
  do anyone know what the problem is??
  thanks

  Hi Frank,
  I am also facing the same problem getting the container to recognize the user using login/logout programmatically. I cannot use j_security_check as my authentication module requires three fields for authenticating the user and also I have a jsf login form.
  I have attempted the container to recognize the user by writing a filter to field all request with url-pattern "/" to get the user information from the session(saved by login action) and wrapped the request with an implementation of HttpRequestWrapper where I have overridden the methods - getRemoteUser(), getUserPrincipal(), isUserInRole().
  It is the first mapping in the web.xml and I am unable to understand if the redirect is happening before/after it reaches my AuthenticationFilter and my user is never recognized by the container since my method implementations are not called. The AuthenticationFilter is being called and I think it is something to do with the ordering of the filter-mapping. Any help would be appreciated.
  I have pasted my code below
  AuthenticationFilter
  public void doFilter(ServletRequest request, ServletResponse response,
  FilterChain fc) throws IOException, ServletException {
  if (request instanceof HttpServletRequest) {
  HttpServletRequest httpRequest = (HttpServletRequest)request;
  HttpSession session = httpRequest.getSession();
  if (session != null &&
  session.getAttribute(SESSION_ATTR_USER) != null &&
  session.getAttribute(SESSION_ATTR_ROLES) != null) {
  String username =
  (String)session.getAttribute(SESSION_ATTR_USER);
  Set roleSet = (Set)session.getAttribute(SESSION_ATTR_ROLES);
  AuthRequestWrapper wrapper =
  new AuthRequestWrapper(httpRequest, username, roleSet);
  fc.doFilter(wrapper, response);
  } else {
  fc.doFilter(request, response);
  AuthRequestWrapper
  public class AuthRequestWrapper extends HttpServletRequestWrapper {
  private String username;
  private Set roleSet;
  private Principal principal;
  public AuthRequestWrapper(HttpServletRequest request, String username,
  Set roleSet) {
  super(request);
  this.username = username;
  this.roleSet = roleSet;
  this.principal = new UserPrincipal(username);
  public String getRemoteUser() {
  return username;
  public Principal getUserPrincipal() {
  return principal;
  public boolean isUserInRole(String roleName) {
  return roleSet.contains(roleName);
  web.xml
  <filter-mapping>
  <filter-name>AuthFilter</filter-name>
  <url-pattern>/*</url-pattern>
  </filter-mapping>
  <filter-mapping>
  <filter-name>trinidad</filter-name>
  <servlet-name>Faces Servlet</servlet-name>
  <dispatcher>FORWARD</dispatcher>
  <dispatcher>REQUEST</dispatcher>
  </filter-mapping>