Retreiveing session

Hi there! My application uses struts as its controller. I'm having a problem here with session. One of my actions, set an variable to the session scope. Then, it forwards the user to a page that contains an applet, that comunicate with my server through a servlet. This servlet should be able to read the session, but since the applet is the client, I'm assuming that he can't (I tried) because it is in another context, like it were another browser. But I really need that var. My question is, assuming that I have the session ID, can I retreive the session using its ID?
Thanx
Vinicius

To answer your question no. For security reasons, you cannot retrieve a sessoin using its ID.
Is it an extremely secure piece of information?
If the servlet and applet are talking to the same web application, you could possibly pass the data via the application scope (have a map in application scope, keyed by the session ID, and put the value to pass in that)
Its not completely secure, because any servlet/jsp in the application can view that data, but it is a sidestep hack to accomplish what you wish :-)

Similar Messages

Sessions within JSP's

I have a JSP with a number of beans declared as session beans.
I then include (JSP:INCLUDE) a servlet which then tries to access one of the session beans.
To check how things are going I do the following within the servlet:
     // Retreives session Object
     HttpSession session = req.getSession(true);
if (session == null) {
printTrace("Failed to get the Session!");
if (session.isNew()) {
printTrace("A new session was created!");
I always get the "A new session was created!" reply.
When I return to the JSP, any information that had been set up in the servlet does not appear in the session.
It appears that the JSP has created another session, different from the servlets session and all the beans are in their initial state.
QUESTION:
     Could someone point me towards some information on when the session is created in a JSP?
Regards
Phil

I have a JSP with a number of beans declared as
session beans.
I then include (JSP:INCLUDE) a servlet which then
tries to access one of the session beans.
To check how things are going I do the following
within the servlet:
// Retreives session Object
HttpSession session = req.getSession(true);
if (session == null) {
printTrace("Failed to get the
("Failed to get the Session!");
if (session.isNew()) {
printTrace("A new session was
("A new session was created!");
I always get the "A new session was created!" reply.
When I return to the JSP, any information that had
been set up in the servlet does not appear in the
session.
It appears that the JSP has created another session,
different from the servlets session and all the beans
are in their initial state.
QUESTION:
Could someone point me towards some information on
when the session is created in a JSP?
Regards
PhilTry HttpSession session = req.getSession(false);
When you pass true, it will create a new session if one does not exist. thats why you get "A new session was created!" all the time.
regards
Stef

Loaded 20.1. When I add Session Manager extension, address & search bars disappear. Can't retreive unless I reload Firefox from scratch. How to fix?

No prior Firefox version. Started with 20.1. Have not loaded 20.1 on my other computers, so i don't know if the problem is universal. Need Session Manager because Firefox crashes frequently.

Session Manager has had a lot of bug fixes the past week, I suspect mostly related to the new per-window private browsing feature. Could you try the new version 0.8.0.5? You need to use the "Versions" page to get it, as it hasn't yet been approved for the main page:
https://addons.mozilla.org/en-US/firefox/addon/session-manager/versions/#version-0.8.0.5
Hope that helps. You'll also see some even newer pre-release versions addressing specific bugs. I wouldn't try those just yet unless you see that one of them fixes issues you find in 0.8.0.5.

Problem retreiving object from EJB3 Session Bean

Please delete.
Edited by: wsaxton1 on Oct 9, 2007 10:18 PM

So we tested some things that are described in the SDN or by SAP with Connectors.
We tested JCO version 2.0.12, 2.1.18 and 3.0 in J2EE Projects in netweaver and in Eclipse (Standalone).
For version 2.0.12 there is a failure that this version is not compatible with the other things in netweaver.
This version is for standalone and integrated sytems.
For version 2.1.18 is only described as standalone and so failure happened in netweaver that other classes are coruppted or missed. The internal test in "content administrator" (Ping and Test) do not work and had the same error.
For version 3.0 (that displace the other two versions) there is many to do in settings and coding that we do not have tested yet because project is not that small to write it for JCO 3.0 only for testing. When we only displaced files in netweaver the server do not start any more.
So:
Is there a way to call R/3 from session bean and 1. create an JCO client or 2. add a client to the "standard" pool of netweaver to use it?
Any ideas? help? links?
Project have to be complete in september...
Our combi is SAP Netweaver 2004 SP21 on Windows XP SP2 / Server 2003 Standard SP1 with JVM 1.4.2_16... need of any more info?
thx

Problem with application item and session state

Okay, let's see if I can explain this problem coherently.
I have a small app (one page), with an application item, F_WHERE_CLAUSE.
This page has three regions in which there are items that the users can populate for search conditions. A couple of these items are "select list with submit" (I still need to upgrade to the AJAX method, I know). There is another region which has one hidden field, called P1_WHERE_CLAUSE. This field is defined to "Always, replacing any value in session state..." with source type of "Item (application or page.....", and a source value of F_WHERE_CLAUSE with no default value.
I have a button called "Search" which submits the page and fires a PL/SQL process which builds a where condition based upon the other page items and stores the value to the application item F_WHERE_CLAUSE (correctly).
For testing, I've made the P1_WHERE_CLAUSE field visible so that I can see what's going on. I've also clicked the debug and session buttons to help trace this. After I click the "Search" button and the page submits, debug shows:
0.02: ...Session State: Save "P1_WHERE_CLAUSE" - saving same value: "1=1"
followed later by:
0.05: ...Session State: Saved Item "F_WHERE_CLAUSE" New Value="lower(primary_class) = 'rock' and country = 'Spain'"
The field P1_WHERE_CLAUSE displays with the correct search criteria as signified by F_WHERE_CLAUSE above. However, If I click the "session" button to view the session state values, P1_WHERE_CLAUSE shows up as:
P1_WHERE_CLAUSE Textarea 1=1 U while F_WHERE_CLAUSE displays the correct value still.
The reason this "problem" came up, is that this page also has three SQL report regions which use &P1_WHERE_CLAUSE. for the where condition. While they display the correct results on-screen, each report region also has the "Export to csv" enabled, and the export seems to be using the "1=1" condition (from the "session" window) instead of the search criteria that the on-screen region is using (F_WHERE_CLAUSE and the displayed P1_WHERE_CLAUSE), resulting in a retreival of all records.
Anybody have any idea what's going on and why, and how to get the csv export to use the correct value for the where condition?
Thanks,
Bill Ferguson

It appears the "Export to CSV" functionality requires the item value to be set in session state. The P1_WHERE_CLAUSE item value never gets saved to session state. The page is rendered and the value is put in the item on the page but until you submit the page session state doesn't know what P1_WHERE_CLAUSE is.
Create a before header computation or process to set the value of P1_WHERE_CLAUSE (which will save it to session state). It is interesting that the report regions didn't need to look at the value in session state but the "export to csv" does.
--Jeff

Login JSP losing Session

I have a Login JSP which talks to a Servlet which then passes the login request to a Bean. In the Bean I save the login information in the Session, if the login fails I am trying to 'forward' to the Login JSP page again. On the Login JSP there is an 'errorText' field that gets the errorText Property from my Bean. However, when the 'getErrorText' method is called by the JSP I seem to have a new Session and have lost all of my login information.
What have I done wrong ? I have tried setting the 'scope' of the Login JSP to session and the application but with no result.
How can I ensure that when I re-display the Login JSP with an error message on it that I am using the Session (and copy of my bean) that I had when I set the properties ?
Sarah.

have the code for setting the session values in the servlet that comes after the JSP login page.
in the jsp login page try to retreive the session values for the user name and the password.
store these values in the name and password variables.
for the first time it'll be null and an exception will be thrown. so in the catch block, set the value of the name variable and the password to null string ie "" and set these values as the values of the textfields (for user name and password). also in the catch block, set the error message string also . this one u can use to display when u r redirected to the JSP login page by the servlet. if first time, then set it to null string "".
but assuming that the JSP page has been called from the servlet when an error occured i.e when the server cannot recognize the user name and password combination, the session variables for the user name and the password won't be null and u can use these values to be displayed in the respective textfields.
so when the user name and password cannot be recognized by the server, just call the same JSP login page.
hope that clears a bit of ur doubt!!
rgds
JP

Session problem using tomcat 3.3.1

Hi all,
Does tomcat support session.?.
I came to know that, tomcat is not supporting session, actually, it kills the session variables when redirecting the response to other page..
Is it so?..
please confirm me..
In my application we are using session variable to store the user access rights, and validating in all jsp pages. we are using resin 1.2.5 as servlet container. It is working fine.
we have an approach to port our application to tomcat instead of resin.
Now, while porting the session variables not retreived in the jsp pages.
I am struggling with this issue for the past one month, so please confirm me regarding tomcat supports session or not.--
Thanks and regards,
Murugan

hi
Well, in my application, i have session variables, and it is working
fine. Except in one jsp page where each time I submit, a new made
Vector disappears.
But the others session attributes are still there (rights, user,
etc ...).

Httprequest.getSession(false) creating a NEW Session

I am working on a web application which uses STRUTS. All the client requests are directed to loginaction class.
Any resource in the application, is accessed thru the action class.
Overview: In the action class, i am checking if there is any session associated with the new user using
session = request.getSession(false);
                  if (session != null) {
      if (session.isNew()) {
      logger.info("New Session Created [" + session.getId() + "]");
      } else {
      logger.info("Session EXIST'S ["+ session.getId()
     + "], Retreiving user from session");
                   }According to the Servlets 2.2 API:
public HttpSession getSession(boolean create) Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this method returns null.
if (session.isNew()) ,
this if statement should return false and be skipped, as session = request.getSession(false);wont create a new session. When i parse the logs, I see the log statement, "New Session Created ". Which makes me wonder, that a new session is being created
Problem: When i debug, i see that container is creating a new session if the session doesnt exist. According to API mentioned above, it should not create a new session. It should return null.
Did anyone had a similar issue? While researching i found this article that using struts, the container creates a default session.
I found this article: http://www.theserverside.com/discussions/thread.tss?thread_id=21643
Environment: IDE:WSAD5.1, Appserver:Websphere, Browser:IE 6.0, Struts, JSP, JSTL

Hi,
We have two appliactions. Our application say B is uses authentication mechanism provided by say A.
So the user, is presented a login page by application A. Once they are authenticated, without the knowledge of user, its being forwarded to our application say B.
Once he is in our application, he can navigate in our application, say,
he goes from page1 to page2. page1 is the main page. Now browser caching is enabled. When he hits the back button to access page1, browser is sending a new request to our applicaiton insted of furnising form local cache( this is another issue). Even though a new request is sent, all the requests are routed thru a struts controller action class. Now in the action class, we check if its a new session or not.
request.getSession(false). Since the user is an old user, it shouldnt create any new session.
As per your suggestion, where should i put the directive in the jsp to not to create a default session?. In page1 which is the main page?.
How should i implemnt the session listener interface. Do u have any templates or code snippets?.
Any suggestions?

Session management in servlet

Hi,
I am using OC4J Server.
I know the session in servlet can be managed with cookies. In addition, the session can be managed in HTTP session of OC4J. And How about the URL rewriting? Does it mean there are 3 methods to keep track of the servlet session. What are the difference of them. I am quite confused.
Thanks in advance

I see. Thanks.
So it means there are two kinds of cookies, permanent cookies and session cookies.
session cookies are used to store the session information.
I have another question. I want to write a permanent cookies to the browser and get it again even if the browser is closed.
The source code is like:
Cookie cookie = new Cookie(cookieName, cookieValue);
response.addCookie(cookie);
Then I try to write some cookies in the browser, close the browser and open the browser again and I try to retreive the cookies using the following codes but the cookies disappear.
Cookie[] cookies = request.getCookies()
if (cookies != null && cookies.length > 0) {
for (int i = 0; i < cookies.length; i++) {
Cookie cookie = cookies;
Is this the correct way to store and retrieve permanent cookies?
thanks in advance

Linking Session Model with query model

Hi All,
How do we implement a basic Session Model? Can we use a Session Model similar to Query Model and bind all the columns/attributes with that of ViewBean's ? Does Studio support that. We have a requirement wherein we need to manipulate the fields in the session across page request and then update the database from session. Is there any way to transfer values from Session Model to Query Model at runtime? Please throw some light on this topic.
Thanks
Allam

All models work the same when it comes to binding to display fields of ViewBeans and TiledViews.
A SessionModel does operate a little different though. The fields of a SessionModel are just "passthrough vehicles". In other words, when value is set on a display field that is bound to a SessionModel field, that value is not stored in the model, like a QueryModel, rather the value is written directly to the HTTPSession attribute immediately. There is not need to "execute" the model to make it update it's backend datastore, like a QueryModel with a DB.
As for transferring values from SessionModel to a QueryModel, you would have to do that manually, but I think you are missing the point of the SessionModel. It was meant as a means to bind a view's display fields to the HTTPSession and not much more. If you want to use a QueryModel over several page requests and update it at the end you can just "session" the QueryModel.
The QueryModel (and other executable models) have an API that declares them to be stored in session at the end of the request, and retreived from session when you get the model.
See the javadocs for
getModel(<Model>, <String>, <boolean>, <boolean>)
and then let me know if you have further questions.
craig

What to store in session/request

Hello.
I'd appreciate some input on a design issue that i have. I am building some new components in a system that consists of JSP pages and servlets, which is new technology to me. I will try to describe my question in a simple and straightforward way:
My JSP page has a function where i can retrieve a list of people, based on some filtering criteria. It calls a servlet, that uses underlying components to read the persons from the database and compose an ArrayList of Person objects. It then attaches this ArrayList to the Session bean using the setAttribute method on the HttpSession object.
The JSP page then lists the result list from the search for people and using a control on the page, the user can move one or more persons from the search result list to a list of selected people, creating a team of one or more persons. This team is stored in an ArrayList attached to the session object and it's retreived, updated and re-attached to the session object by the servlet every time the user clicks on the control that selects a person to be added to the team. On form submit, the JSP page stores key information about the selected person in hidden fields in the form and the servlet extracts this information from the request object and updates the ArrayList and re-stores it in the session object.
When the "save team" button is pressed (form submit) and control returns to the servlet, it extracts the selected persons from the request object and uses underlying components to save the list. In essence, the session object is used to "send" the search result and the current list of members in ther team to the JSP page. The request object is used to send the current list of persons in the team from the JSP page to the servlet.
Now to my question: what is the best practice design for a function like this one? Is using the session object to transfer the search result list from a servlet to a JSP page a good solution? Is it a good solution to keep the list of selected persons in an object attached to the session object until it is finally saved a good solution. It is not entirely clear to me when i should store data on the session object and when to use the request. Also, what mechanisms are there to transfer data from the servlet to the JSP page, other than attaching it to the session object?

Can the servlet attach an object to the request object and can the JSP page access it just like it can with objects attached to the session object?Yes. Just use HttpServletRequest#setAttribute() and forward the request to the JSP.
Is there a general guideline for what to store in the session and what to store in the request? Store request scoped variables (form input values, request-specific variables, etc) in request scope and session scoped variables (logged in user, user settings, user specific dropdown list contents, session-specific variables, etc) in session scope.
My picture of this was that the request is something that is generated when a form (JSP page) is submitted and that it cannot be used to transfer data from a servlet to a JSP page. Is that wrong?Yes, it is wrong.

Creating session in jsp

I want to create a jsp session in which i define a variable and call it in the other pages;
please help

hi,
for creating session,
String uname = "admin";
session.setAttribute("username",uname);
for retreiving the value from session.
String uname = (String)session.getAttribute("username");
session is an implicit object in jsp, if u want to use in servlet Declare like this.
HttpSession session = request.getSession();
Bala

New session in JSP?

I'm currently working in a project that's basically a search-engine. The
          application is running on BEA's WebLogic server and the logic is placed in
          JavaBeans and EnterpriseJavaBeans. The JavaBeans that I access from my
          JSP-pages has the scope set to 'session'.
          As long as every user runs the application in different webbrowsers
          everything is fine, but if I open a second window (pressing Ctrl+N in IE) it
          seems like I'm stuck in the same session which means that I've got two
          references to the same object of my JavaBean.
          The outcome is that I either get the same result from two different querys,
          or that my application crashes. The server executes the querys in different
          threads, but since the EJB that holds the result is a stateful sessionbean
          the result is dependet on the last query.
          Are there any way of detecting that a request is made from a new window in
          the same browser (http-headers?), and creating a new session? Are there any
          way at all to force a client into a new session?
          /Johan


          "Johan Kindgren" <[email protected]> wrote in message
          news:[email protected]...
          > The database that we searching in contains about one million rows in
          several
          > tables, and the design-specification we've got demands that 90% of the
          > querys should return a result within three seconds, from anywhere in the
          > world.
          > Our idea to solve this is to divide the application into three layers,
          where
          > the first one is the JSP and JavaBeans. The middle layer is our stateful
          > sessionbean and the last is an stateless entitybean that executes the
          > querys to the database. When a query is made, the entitybean returns an
          > array of id's to the stateful sessionbean that match the query, and
          > sessionbean then retreives details from the database in batches of 15
          > records.
          > With this design it takes less than half a second to retreive the next
          batch
          > by making a query from id's, instead of making a query from a name (which
          in
          > worst case can take up to a minute right now, we have not optimized the
          > database yet).
          >
          > The JavaBean that I use in the JSP-pages creates a connection to the
          > sessionbean, and this connection is kept throughout the session.
          To fix your initial problem, you should assoicate your stateful session
          beans with a HTTP request rather than a HTTP session. This will get around
          your current problems (crashes & synchronisation). Or a more complex
          approach could be to remove the EJB from the HTTP session before you use it
          (so that no other request can use it at the same time).
          Browsers can and will make multiple concurrent requests with what appears to
          be (from the Servlet engines perspective) the same HTTP session - so don't
          associate a stateful session bean with a HTTP session. Associate it with a
          request instead. (In fact this is true of any EJB).
          >
          > If I understand your suggestion correct, we would have to skip the middle
          > layer. I suspect that we would have significant loss of performance in
          that
          > case. Are there any way to work around this? Any ideas in another design
          > that would eliminate this problem?
          Layering is often useful. The trick is to layer things correctly. I don't
          really have the bandwidth to understand your use cases correctly to
          formulate the correct architecture to follow. I'll give you a brief 30,000
          foot view of how I tend to do things...
          Briefly, I've never been terribly convinced of the value of entity beans at
          all. I personally think they are a bit of a mistake because they are remote.
          I far prefer the JDO idea which will hopefully replace entity beans one
          day.(http://access1.sun.com/jdo/) Generally the current thinking is that
          whether you use JDBC, JDO or Entity Beans - they should be wrapped inside
          session beans anyway. So from your layering perspective, entity beans are
          implementation detail inside the session beans layer.
          Mostly the client side wants go get 'data objects' back from queries which
          can then be used to do other navigations / queries / operations. It also
          helps to have client side helper beans to abstract the complications of
          using session beans (handling lookups, pooling, timeouts etc.).
          So the layers I prefer to focus on are
          Server side: Session beans - implementation I don't care - maybe internally
          using entity beans or JDBC or JDO. These should be stateless wherever
          possible. Should return Java beans to clients.
          Client side: Java beans - wrap use of session beans
          (timeout/pooling/creation stuff and sesion bean API). These client side Java
          beans often pass client side state (e.g. user id) into sesssion bean methods
          to allow the session beans to be stateless. Usually the client side will
          include Servlets, JSP, custom JSP tags here too.
          The Session beans on the server side may be split into the main stateless
          session beans that do most of the work with some small stateful session
          beans for doing things like query paging etc - though I've often found its
          easy to do this in stateless beans with a clever caching model.
          > The application will serve about 30 concurrent users, but there are a tota
          l
          > of 400 users.
          Though the same user may use multiple web browser windows on a desktop, so 1
          real user can become several concurrent users.
          J.
          James Strachan
          =============
          email: [email protected]
          web: http://www.metastuff.com

Binding Session Values to hidden variables

I need to access some session data (eg: signedin userid..) in ADF BC while doing an update, so that i can store it in database.
Please suggest..

Hey Timo,
This is how i acheived this:
1) Exposed a method in AppModule to set the user signedin..
2) In the backing beanretreived the App Module..and set the userSignedin..
ValueBinding vb = context.getApplication().createValueBinding("#{data}");
BindingContext bc = (BindingContext) vb.getValue(context);
DCDataControl dc = bc.findDataControl("AppModuleDataControl");
AppModuleImpl appModuleImpl = (AppModuleImpl) dc.getDataProvider();
AppModule am = (AppModule)appModuleImpl;
3) And in the entity.. exposed the accessor methods for UpdatebleVO and retreived the App Module from it..and from it the user signedin..
AppModuleImpl am = (AppModuleImpl)getEmpUVO1().getApplicationModule();
It works..Please suggest ifthere is any easy way..
Thanks
Edited by: user11922045 on Oct 26, 2010 1:50 PM

Flex Session implementation in Java

Hi
I am new to Flex. I have requirement like "store and retreiving a value in FlexSession instead of passing it to UI". The application in which I am working is an existing application where the value which I mentioned is generated from a service call and storinand reteiving it inside a DB. I neeed to modify it so that it should be from Flex Session.
I tried using FlexContext.getFlexSession().setAttribute("abc","value");
But while retreiving through FlexContext.getFlexSession().getAttribute("abc") it is returning null.
Could somebody help in finding a solution for this. It is urgent.

Thanks for your reply Claudiu. FlexContext comes from flex-messgaing-core.jar and I don't think it is a custom class. And my issue got solved . I think I missed the below entry in web.xml,

<llstener>
<listener-class>flex.messaging.HttpFlexSession</listener-class>
</llstener>

Retreiveing session

Similar Messages

Maybe you are looking for