[Okta Webinar] Learn how to a build a cloud-first strategyRegister Now

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1457
  • Last Modified:

Servlet - request.getSession

Hi,

May I know what is the difference between request.getSession(true) and request.getSession(false)? In what situations will each of them useful?

Regards
Dave
0
suprapto45
Asked:
suprapto45
  • 5
  • 3
  • 3
2 Solutions
 
bloodredsunCommented:
request.getSession(true) returns the session if one exists and creates one if one doesn't

request.getSession(false) returns the session if one exists or returns null if one doesn't

From the API:

"Returns the current HttpSession  associated with this request or, if there is no current session and create is true, returns a new session.

If create is false and the request has no valid HttpSession, this method returns null.

To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown."


Usage depends on what you're trying to do. Ther are some occassions when you don't want to create a session (for performance reasons fro example) so it's better to return null just as there are occasssions when you want to create one if one doesn't exist.

NB  request.getSession() is the same as  request.getSession(true) in that it creates one if ones doesn't already exist
0
 
objectsCommented:
You may want to know if a session currently exists or not.
0
 
bloodredsunCommented:
As creating and manipulating sessions can take a lot of memory/processing, for larger applications you may only want to create sessions for logged-in users, not for all users so calling the getSession(false) can be useful.

Also useful is the session.isNew() method which allows you to determine whether the session has just been created from this request, i.e. the session has been created but the client does not yet know about it.
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
suprapto45Author Commented:
Hi,

Thanks.

"for larger applications you may only want to create sessions for logged-in users, not for all users so calling the getSession(false) can be useful."

So, let say that I created one session for each of the logged-in users. Then, what are the implications or consequences if I used getSession(true)?

If I used getSession(false), will I be able to manipulate it such as
HttpSession session = request.getSession(false);
session.setAttribute("message", myMessage);

then afterward...(in another jsp)
HttpSession session = request.getSession(false);
session.getAttribute("message");

am I able to do that? since normally I do not use getSession(false). :) Thanks.

Regards
Dave
0
 
objectsCommented:
> If I used getSession(false), will I be able to manipulate it such as
> HttpSession session = request.getSession(false);

It will return null if it doesn't already exist so no you can't.
0
 
bloodredsunCommented:
>>So, let say that I created one session for each of the logged-in users. Then, what are the implications or consequences if >>I used getSession(true)?

Nothing, as a session already exists so it doesn't matter which you call.


>>HttpSession session = request.getSession(false);
>>session.setAttribute("message", myMessage);

That will be fine if you've already created one, else you'll get a null pointer exception as you're calling a method on a null.
If you are creating one for all logged in users, you might as well use request.getSession(true) as default. If you use request.getSession(false) then you should also check for null just as good coding.

e.g.

HttpSession session = request.getSession(false);
if (null != session){
    session.getAttribute("message");
    //blah blah
}else{
    response.sendRedirect("/login.jsp");
}

It's more a question of resource management for larger webapps
0
 
bloodredsunCommented:
Also remember that in a JSP that sessions are created by default unless you use the page attribute:  
<%@ page session="false" %>

and also that you don't need to get the session from the request in a jsp, it's available to you as an implicit object

e.g.
valid.jsp
--
<html>
<%
session.setAttribute("aaa","bbb");
%>
</html>
0
 
suprapto45Author Commented:
Thanks object and bloodredsun,

I will read more on that and will ask you more questions if I have.

Regards
Dave
0
 
bloodredsunCommented:
No probs Dave.

And as a clarification on objects comment "It will return null if it doesn't already exist so no you can't." he meant that only if you haven't already created one: which as I believe you said you already had a couple of lines above, means that you can use it as you've written but with the null check I recommend.
0
 
suprapto45Author Commented:
Thanks bloodredsun and objects.

Regards
Dave
0
 
objectsCommented:
no worries :)
0

Featured Post

Free Tool: Subnet Calculator

The subnet calculator helps you design networks by taking an IP address and network mask and returning information such as network, broadcast address, and host range.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

  • 5
  • 3
  • 3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now