Solved

http session event

Posted on 2014-04-07
60
670 Views
Last Modified: 2014-05-09
Hi,

I am going thorugh below example



http://www.javatpoint.com/HttpSessionEvent

I wonder when below method getting called
 public void sessionDestroyed(HttpSessionEvent e) {  
21.        current--;  
22.        ctx.setAttribute("currentusers",current);  
23.    }  


please advise
Any links resources ideas highly appreciated. Thanks in advance
0
Comment
Question by:gudii9
  • 27
  • 23
  • 6
  • +2
60 Comments
 
LVL 19

Assisted Solution

by:Ken Butters
Ken Butters earned 75 total points
ID: 39986607
sessionDestroyed will be called when the session is invalid.

Examples of this happening would be :
User lost internet connection
User closed browser
Timeout due to slow connection or other connection issues
0
 
LVL 35

Assisted Solution

by:mccarl
mccarl earned 75 total points
ID: 39987716
While I agree that sessionDestroyed will be called when the session is invalid, I disagree with the examples given above. A session will persist across potentially multiple connections and so is not tied to any one particular connection. So some examples of when a session will become invalid...

 - HttpSession.invalidate() is explicitly called, such as from a request from the client browser to "logout"
 - The session times out. When the session times out is generally controlled by the Servlet container, under direction from the webapp's web.xml file, eg. Tomcat has a file conf/web.xml which contains default setting to apply to the container if they are not overriden in a webapps web.xml
0
 
LVL 20

Assisted Solution

by:Sathish David Kumar N
Sathish David  Kumar N earned 50 total points
ID: 39988349
In your web.xml

your mention that listenerclass that class implements HttpSessionListener

public class SessionCounterListener implements HttpSessionListener {.....}

Open in new window


<listener>
      <listener-class>com.xxx.[b]SessionCounterListener[/b]</listener-class>
</listener>

Open in new window


It always listen your session when ever it will timout time your given it will call the method
0
 
LVL 7

Author Comment

by:gudii9
ID: 40015262
A session will persist across potentially multiple connections and so is not tied to any one particular connection.

I am not clear how session can be maintained across multiple connections. I thought session is specific to let us say one online user say John while he is accessing shopping cart let us say in amazon for his particular internet connection. Please advise.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40016141
>I am not clear how session can be maintained across multiple connections .
The Servlet container uses an id to identify  the user's session. When a request is received by the container, it checks for a session id. If the container finds a session id in the request, then it checks to see if there is a valid session associated with that id. Let's suppose that you browsed to a site and have created a session. You can use that same browser to open a second window(tab in browser) and make a new request to the same site. If you are using cookies, then the browser will send the session cookie that was made for the first window. Both windows will be in the same session but will have made separate connections.
You can use the following demonstration  JSP.
<%
  String path = request.getServletPath() + request.getContextPath();
  String encodedPath = response.encodeURL(path);
  Integer count = (Integer)session.getAttribute("count");
  if(count==null)count = new Integer(0);
  session.setAttribute("count",new Integer(count.intValue() + 1));
%>
The session id is ${pageContext.session.id}<br/>
Is the session new? ${pageContext.session['new']}<br/>
Did the client send the session id in the url? ${pageContext.request.requestedSessionIdFromURL}<br/>
Did the client send the session id in a cookie? ${pageContext.request.requestedSessionIdFromCookie}<br/>
path is <%=path%><br/>
encodedPath is <%=encodedPath%> <br/>
count=<%=count%><br/><br/>
<a href="<%=path%>">Not encoded request</a><br/><br/>
<a href="<%=encodedPath%>">Encoded request</a><br/>

Open in new window


You can use that code to see how the session tracking mechanisms work. If you have questions about it,then ask us here.
As for your question at the top,  the sessionDestroyed method is called when the session is timed out  or when you use  
session.invalidate();

Open in new window

in your code. Connections have nothing to do with it
0
 
LVL 7

Author Comment

by:gudii9
ID: 40030798
You can use that same browser to open a second window(tab in browser) and make a new request to the same site. If you are using cookies, then the browser will send the session cookie that was made for the first window. Both windows will be in the same session but will have made separate connections.


I opened my bank account in one tab of chrome browser and it asked me to login. I gave usernmae and password and logged in. I opened other tab in same chrome browser. It is again asking me to enter user name and password. If i enter then it will link to old session object that i logged earlier. please advise
0
 
LVL 27

Expert Comment

by:rrz
ID: 40031130
>I opened other tab in same chrome browser. It is again asking me to enter user name and password.    
What page did you browse to  ? What did you type(or paste) into the address bar?
Did you go to login page? The log-in page doesn't look for the cookie.  Or did you copy the address from the first tab after you were logged in?  That second thing  is what I would try.   The browser should send the  cookie that you already obtained in first tab.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40031197
i typed
https://www.bankofamerica.com/

It said welcome back, xyz
then xy*** with sign In button. I clicked sign in buttom.

It went to next page where there is Your SiteKey with password. I entered my password. i successfully logged in and lead to next page with account details etc.
I copied the url at this instace like
https://secure.bankofamerica.com/myaccounts/signin/signIn.go?isSecureMobile=false&returnSiteIndicator=GC&langPref=en-us&request_locale=en-us&capturemode=N&newuser=false&callOM=Y&bP=F

Opened new chrome browser tab and pasted above url

It said welcome back, xyz
then xy*** with sign In button. I clicked sign in buttom.

It went to next page where there is Your SiteKey with password. I re-entered my password. successfully logged in and lead to next page with account details etc.

I tried pasting url===>https://www.bankofamerica.com/ again in other tab that also
It said welcome back, xyz
then xy*** with sign In button. I clicked sign in buttom.

It went to next page where there is Your SiteKey with password. I re-entered my password. successfully logged in and lead to next page with account details etc.

Please advise why i need to enter password details in new tab even though i logged in previous tab to the bank.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40031214
>Please advise why i need to enter password details in new tab even though i logged in previous tab to the bank  
I don't know.  Maybe an expert can explain it.
0
 
LVL 35

Expert Comment

by:mccarl
ID: 40031287
@gudii9,

This sounds like it is just the way that "bankofamerica" have setup their website. Try something for me, once you login and get the list of your accounts, try "refreshing the page" and tell us.... does it still show your accounts or does it ask for your password again?

Or alternatively, to see what a typical site does, if you have a gmail account open a tab and go to gmail.com and then login. Now go to another tab and go to gmail.com again and this time it shouldn't ask you for login details.


Oh, and going back to what I wrote up the top (and your question about it), by "connection" I did not mean your internet connection, I meant each individual TCP connection. In simplistic terms, when you navigate to a webpage a TCP connection is opened to request it and get the page data back, and then the TCP connection is closed. Now if you click a link on that page to go to a new page, a new TCP connection is opened to request that new page and to retrieve it, and then that TCP connection is closed. This is what I meant about "multiple connections".
0
 
LVL 27

Expert Comment

by:rrz
ID: 40032464
I did some testing.  
yahoo mail, gmail, and experts-exchange.com  all work the way we have described.
I guess your banking site has some extra safe guards.  
The easiest way to learn about the session tracking mechanisms is to set up a stand alone Tomcat on your desktop and use the JSP that I posted above here.  By the way, google's Chrome browser allows you to block cookies(ask us if you don't know how). When cookies are blocked, the session id is added the url. Go ahead and play with the  JSP that I posted. You should be able to increment the count variable with and with out using cookies.  
The site we are using now(experts-exchange) is built with java.  If you look at the cookies for this site, then you will see one named jsessionid.  But, unfortunately this site doesn't allow us to not use cookies. So, you can't see the url rewriting mechanism here.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40033787
gmail, and experts-exchange.com  all work the way we have described.

I tested too they works as you mentioned unlike bank.

google's Chrome browser allows you to block cookies(ask us if you don't know how).

Please let me know how to do it
0
 
LVL 27

Expert Comment

by:rrz
ID: 40033915
To block cookies in Chrome:
Click on the button on the far right of the  address bar.
Choose Settings in the dropdown menu.
On the bottom of the Settings page, click on "Show advanced settings...".
Under Privacy heading click  "Content Settings..."  button.
Under Cookies heading select "Block sites from setting any data"
Click Done.
Close browser.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40038451
I ran the JSP on tomcat.

When i refresh browser URL the count is increasing as below.


The session id is 878A76B14B41BC15B2E624B857361A32
Is the session new? true
Did the client send the session id in the url? false
Did the client send the session id in a cookie? false
path is /NewFile.jsp/CookiesProject
encodedPath is /NewFile.jsp/CookiesProject
count=0

Not encoded request

Encoded request


 But the below links are not working


Not encoded request

Encoded request

Please advice on how to fix them.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40038454
You can use that code to see how the session tracking mechanisms work. If you have questions about it,then ask us here.

I ran JSP but not clear on how the session tracking mechanisms demonstrated in this jsp. Please advise
0
 
LVL 27

Expert Comment

by:rrz
ID: 40038756
I am sorry. I made a cut paste error. I didn't notice it because I tested in my ROOT web app( which has a context path of ""). It  is just the second line that has the error.
<%
  String path = request.getContextPath() +  request.getServletPath();
  String encodedPath = response.encodeURL(path);
 Integer count = (Integer)session.getAttribute("count");
  if(count==null)count = new Integer(0);
  session.setAttribute("count",new Integer(count.intValue() + 1)); 
%>
The session id is ${pageContext.session.id}<br/>
Is the session new? ${pageContext.session['new']}<br/>
Did the client send the session id in the url? ${pageContext.request.requestedSessionIdFromURL}<br/>
Did the client send the session id in a cookie? ${pageContext.request.requestedSessionIdFromCookie}<br/>
path is <%=path%><br/>
encodedPath is <%=encodedPath%> <br/>
count=<%=count%><br/><br/>
<a href="<%=path%>">Not encoded request</a><br/><br/>
<a href="<%=encodedPath%>">Encoded request</a><br/>

Open in new window

You are almost there. Just get that path fixed.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40040837
with new jsp i am seeing this error

HTTP Status 500 - Unable to compile class for JSP

--------------------------------------------------------------------------------

type Exception report

message Unable to compile class for JSP

description The server encountered an internal error that prevented it from fulfilling this request.

exception

org.apache.jasper.JasperException: Unable to compile class for JSP
      org.apache.jasper.JspCompilationContext.compile(JspCompilationContext


Please advise on how to fix it
0
 
LVL 7

Author Comment

by:gudii9
ID: 40040841
Here is complete stack trace

May 04, 2014 3:49:23 PM org.apache.catalina.core.AprLifecycleListener init
INFO: The APR based Apache Tomcat Native library which allows optimal performance in production environments was not found on the java.library.path: C:\Program Files\Java\jre7\bin;C:\Windows\Sun\Java\bin;C:\Windows\system32;C:\Windows;C:/Program Files/Java/jre7/bin/client;C:/Program Files/Java/jre7/bin;C:/Program Files/Java/jre7/lib/i386;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Windows\System32\WindowsPowerShell\v1.0\;C:\Users\ganesha\WorkngSesson_04152014\eclipse-jee-kepler-SR2-win32\eclipse;;.
May 04, 2014 3:49:23 PM org.apache.tomcat.util.digester.SetPropertiesRule begin
WARNING: [SetPropertiesRule]{Server/Service/Engine/Host/Context} Setting property 'source' to 'org.eclipse.jst.jee.server:CookiesProject' did not find a matching property.
May 04, 2014 3:49:24 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["http-bio-8080"]
May 04, 2014 3:49:24 PM org.apache.coyote.AbstractProtocol init
INFO: Initializing ProtocolHandler ["ajp-bio-8009"]
May 04, 2014 3:49:24 PM org.apache.catalina.startup.Catalina load
INFO: Initialization processed in 1372 ms
May 04, 2014 3:49:24 PM org.apache.catalina.core.StandardService startInternal
INFO: Starting service Catalina
May 04, 2014 3:49:24 PM org.apache.catalina.core.StandardEngine startInternal
INFO: Starting Servlet Engine: Apache Tomcat/7.0.52
May 04, 2014 3:49:25 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["http-bio-8080"]
May 04, 2014 3:49:25 PM org.apache.coyote.AbstractProtocol start
INFO: Starting ProtocolHandler ["ajp-bio-8009"]
May 04, 2014 3:49:25 PM org.apache.catalina.startup.Catalina start
INFO: Server startup in 1286 ms
May 04, 2014 3:49:28 PM org.apache.catalina.core.StandardWrapperValve invoke
SEVERE: Servlet.service() for servlet [jsp] in context with path [/CookiesProject] threw exception [Unable to compile class for JSP] with root cause
java.io.IOException: tmpFile.renameTo(classFile) failed
      at org.apache.jasper.compiler.SmapUtil$SDEInstaller.install(SmapUtil.java:204)
      at org.apache.jasper.compiler.SmapUtil.installSmap(SmapUtil.java:163)
      at org.apache.jasper.compiler.JDTCompiler.generateClass(JDTCompiler.java:483)
      at org.apache.jasper.compiler.Compiler.compile(Compiler.java:378)
      at org.apache.jasper.compiler.Compiler.compile(Compiler.java:353)
      at org.apache.jasper.compiler.Compiler.compile(Compiler.java:340)
      at org.apache.jasper.JspCompilationContext.compile(JspCompilationContext.java:657)
      at org.apache.jasper.servlet.JspServletWrapper.service(JspServletWrapper.java:357)
      at org.apache.jasper.servlet.JspServlet.serviceJspFile(JspServlet.java:390)
      at org.apache.jasper.servlet.JspServlet.service(JspServlet.java:334)
      at javax.servlet.http.HttpServlet.service(HttpServlet.java:727)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:303)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.tomcat.websocket.server.WsFilter.doFilter(WsFilter.java:52)
      at org.apache.catalina.core.ApplicationFilterChain.internalDoFilter(ApplicationFilterChain.java:241)
      at org.apache.catalina.core.ApplicationFilterChain.doFilter(ApplicationFilterChain.java:208)
      at org.apache.catalina.core.StandardWrapperValve.invoke(StandardWrapperValve.java:220)
      at org.apache.catalina.core.StandardContextValve.invoke(StandardContextValve.java:122)
      at org.apache.catalina.authenticator.AuthenticatorBase.invoke(AuthenticatorBase.java:501)
      at org.apache.catalina.core.StandardHostValve.invoke(StandardHostValve.java:170)
      at org.apache.catalina.valves.ErrorReportValve.invoke(ErrorReportValve.java:98)
      at org.apache.catalina.valves.AccessLogValve.invoke(AccessLogValve.java:950)
      at org.apache.catalina.core.StandardEngineValve.invoke(StandardEngineValve.java:116)
      at org.apache.catalina.connector.CoyoteAdapter.service(CoyoteAdapter.java:408)
      at org.apache.coyote.http11.AbstractHttp11Processor.process(AbstractHttp11Processor.java:1040)
      at org.apache.coyote.AbstractProtocol$AbstractConnectionHandler.process(AbstractProtocol.java:607)
      at org.apache.tomcat.util.net.JIoEndpoint$SocketProcessor.run(JIoEndpoint.java:313)
      at java.util.concurrent.ThreadPoolExecutor.runWorker(Unknown Source)
      at java.util.concurrent.ThreadPoolExecutor$Worker.run(Unknown Source)
      at java.lang.Thread.run(Unknown Source)



Please advice.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40041183
You were able to compile my original JSP.
Now, you must have a problem with your configuration. Are you able to run a simple hello JSP?
What is your configuration?  
Are you running Tomcat within Eclipse?  Since I see Kepler on your library path, I guess you are doing that. Please correct me if I wrong in my assumption.  
I am not an eclipse expert. But, I will try to help you. I googled for some ideas.  
Did you try cleaning your project?(click on clean in dropdown menu from clicking on Project at top menu bar)
I guess that you didn't change any permissions on your folders and you have permission to write to wherever tmpfile is being written.  Is that correct?    
Click on Server tab on Java EE perspective, double click on your Tomcat server. A Overview page should open up. Can you show us that?
0
 
LVL 7

Author Comment

by:gudii9
ID: 40041200
Are you running Tomcat within Eclipse?  Since I see Kepler on your library path, I guess you are doing that. Please correct me if I wrong in my assumption.

that is correct. I am using eclipse kepler with tomcat

You were able to compile my original JSP.

That i had initially compilation errors similar to now. But those resolved by themselves after eclipse, laptop restarts somehow. But now they are not going off. Not sure what is eclipse issue behind this.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40041219
Now it worked.


what is  difference beween below links


Not encoded request

Encoded request

Both are incrementin g count similar to browser url refresh which also increments count.
please advice
0
 
LVL 27

Expert Comment

by:rrz
ID: 40041243
>Now it worked.  
Good.  
>what is  difference beween below links  
The encoded request has the session id written in the url  if cookies are blocked. If the session cookie is used, then they are the same.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40041259
When the session is new, the encoded url always has the session id in it. That is because the servlet container(Tomcat) doesn't know how or if the client will join the session.  At this point in time, the client hasn't sent the cookie back yet or alternatively hasn't sent an  encoded request.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40042868
I see Not encoded request also incrementing the count. I wonder if that also has session id in it. please advice. I am still not able to get complete picture about this whole thing
0
 
LVL 27

Expert Comment

by:rrz
ID: 40043424
There are two different mechanisms that the servlet container(Tomcat) can use to track the user through his session. The servlet container can use a session cookie to hold the session id or encode the session id in  urls.  The cookie mechanism is automatically handled by the servlet container and the user's browser. But, if the cookie is not accepted by the browser,  then the servlet container can encode urls that it sends in it's response. This doesn't happen automatically. The web app coder must run his urls through the response.encodeURL(url).  The coder can make a habit of this because the servlet container will not bother encoding the urls if the session cookie is used.
For the first request from the user to the servlet container, he hasn't joined the session yet. So, for the first response, the servlet container will send the session cookie and encode the urls (if the coder has used the response.encodeURL method on his urls). The container will do both because the session is new and it doesn't know yet which mechanism the client will use to identify himself for the session.
If you browse to the JSP that I posted, you see this in the first response . The encoded request has the session id in it and the cookie has been sent.  

To see the session cookie in your Chrome browser:
Go to the Content settings page.
Under Cookies heading, click on the "All cookies and site data..." button.  
In the list, click on your site to see the cookie(assuming that you didn't block it).
Click on the cookie to see it's contents.  

If the user decides to join the session, then in his second request he must send the cookie back(done automatically by the browser) or use the encoded link.  When the container receives the second request that contains the session id,  it can identify the user and maintain his session. At this point, the session is no longer new.  In subsequent responses the container will use the mechanism the user has decided to use. This is assuming that the coder has encoded all the urls in the links to his site.
You should be able to increment the count variable in my JSP using either tracking mechanism.

All this is specified in the  "Java Servlet Specification". You can download the file  
servlet-3_0-final--spec.pdf  
from  
http://download.oracle.com/otndocs/jcp/servlet-3.0-fr-eval-oth-JSpec/    
You should read the whole thing if you want to learn the Servlet technology.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40044903
I will read it. I heard after MVC introduction in 2000 year no need to worry about the servlets, jsps as mvc frameworks like struts, spring takes care of it. Is that assumption is correct and safe?
0
 
LVL 7

Author Comment

by:gudii9
ID: 40044931
When i click link below link multiple times
Encoded request

I see jsp output as below


The session id is 5C776E6379BDA2C63DAB5155F3890DCF
Is the session new? false
Did the client send the session id in the url? false
Did the client send the session id in a cookie? true
path is /CookiesProject/NewFile.jsp
encodedPath is /CookiesProject/NewFile.jsp
count=12


My question is since i click 'Encoded request'(which i suppose not cookie but URL rewriting encoding mechanism) so below line must come false right instead of true

Did the client send the session id in a cookie? true



Also below line must come true instead of false right.

Did the client send the session id in the url? false

Please advise.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40044935
<%
  String path = request.getContextPath() +  request.getServletPath();
  String encodedPath = response.encodeURL(path);
 Integer count = (Integer)session.getAttribute("count");
  if(count==null)count = new Integer(0);
  session.setAttribute("count",new Integer(count.intValue() + 1));
%>

why jsp preview is not showing above code.

Also how the count is incrementing no matter which link i click. Please advice
0
 
LVL 27

Expert Comment

by:rrz
ID: 40044971
>I heard after MVC introduction in 2000 year no need to worry about the servlets, jsps as mvc frameworks like struts, spring takes care of it      
That is a good question. Please ask a new question in this topic area. It will be interesting to read comments from the  experts.  
Personally, I don't use a frameworks. As far as Java on the server is concerned, I use Servlets, JSP, JSTL, JDO, and tag files.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40045108
My question is since i click 'Encoded request'(which i suppose not cookie but URL rewriting encoding mechanism) so below line must come false right instead of true

Did the client send the session id in a cookie? true
 
Since the client sent the session cookie,  Tomcat doesn't bother encoding the urls.  It doesn't matter which link you use.
Also below line must come true instead of false right.

Did the client send the session id in the url? false
   
No, since the sesssion cookie is being used, Tomcat will not bother encoding any url.  

If you BLOCK cookies, then  after you click on the "Encoded" request link 3 times, you should see the following.

The session id is 8A6190F0DED4014576F814FD5E23164F
 Is the session new? false
 Did the client send the session id in the url? true
 Did the client send the session id in a cookie? false
 path is /sessionTest.jsp
 encodedPath is /sessionTest.jsp;jsessionid=8A6190F0DED4014576F814FD5E23164F
 count=3
If next you click on the "Not encoded" request link, then you will lose the current session. You will lose it  because you didn't send the session id in a cookie or in your url. You should see something like the following.
The session id is E4B9414949F65186BFE42A0D6ABEC2D4
 Is the session new? true
 Did the client send the session id in the url? false
 Did the client send the session id in a cookie? false
 path is /sessionTest.jsp
 encodedPath is /sessionTest.jsp;jsessionid=E4B9414949F65186BFE42A0D6ABEC2D4
 count=0
The container sent a different session id and the session is new. Now click on the "Encoded" request link. You should see the following.
The session id is E4B9414949F65186BFE42A0D6ABEC2D4
 Is the session new? false
 Did the client send the session id in the url? true
 Did the client send the session id in a cookie? false
 path is /sessionTest.jsp
 encodedPath is /sessionTest.jsp;jsessionid=E4B9414949F65186BFE42A0D6ABEC2D4
 count=1
 The session has been maintained because Tomcat was asked by the web app coder(me)  to send the encoded url in the last response and the user sent it back to Tomcat in his current request.
0
How to run any project with ease

Manage projects of all sizes how you want. Great for personal to-do lists, project milestones, team priorities and launch plans.
- Combine task lists, docs, spreadsheets, and chat in one
- View and edit from mobile/offline
- Cut down on emails

 
LVL 27

Expert Comment

by:rrz
ID: 40045166
>why jsp preview is not showing above code.    
That is not a preview. That is a scriptlet.  That code is executed on the server and is not part of the output. You need to know how JSP and Servlets work. Basically the requested Servlet  does some code execution and outputs some HTML(most common) to the client for a response .
0
 
LVL 7

Author Comment

by:gudii9
ID: 40045201
I went to chrom settings and cookie settings to see below cookie data
Name:      JSESSIONID
Content:      1C4B3E5FA36216578F5B52F2CA65DAC3
Domain:      localhost
Path:      /CookiesProject/
Send for:      Any kind of connection
Accessible to script:      No (HttpOnly)
Created:      Tuesday, May 6, 2014 2:10:39 PM
Expires:      When the browsing session ends


Now it make sense why it is true for cookie

The session id is 1C4B3E5FA36216578F5B52F2CA65DAC3
Is the session new? false
Did the client send the session id in the url? false
Did the client send the session id in a cookie? true
path is /CookiesProject/NewFile.jsp
encodedPath is /CookiesProject/NewFile.jsp
count=1

If you BLOCK cookies, then  after you click on the "Encoded" request link 3 times, you should see the following.

How to block cookie in chrome to test url encoding mechanism as well. Please advise
0
 
LVL 7

Author Comment

by:gudii9
ID: 40045216
If next you click on the "Not encoded" request link, then you will lose the current session. You will lose it  because you didn't send the session id in a cookie or in your url. You should see something like the following.


The session id is E4B9414949F65186BFE42A0D6ABEC2D4
 Is the session new? true
 Did the client send the session id in the url? false
 Did the client send the session id in a cookie? false
 path is /sessionTest.jsp
 encodedPath is /sessionTest.jsp;jsessionid=E4B9414949F65186BFE42A0D6ABEC2D4
 count=0


Not encoding is third mechanism( i see both cookie and url reqriting are coming false for you) apart from cookies mechanism, url rewriting mechanism.


If next you click on the "Not encoded" request link, then you will lose the current session. You will lose it  because you didn't send the session id in a cookie or in your url. You should see something like the following

but for me instead of false false always coming false true as given below even after clicking Not encoded request link many times.

The session id is 1C4B3E5FA36216578F5B52F2CA65DAC3
Is the session new? false
Did the client send the session id in the url? false
Did the client send the session id in a cookie? true
path is /CookiesProject/NewFile.jsp
encodedPath is /CookiesProject/NewFile.jsp 
count=16

Not encoded request

Encoded request

Open in new window



How do i see false false like your output. please advise
0
 
LVL 27

Expert Comment

by:rrz
ID: 40046205
>I went to chrom settings and cookie settings to see below cookie data  
Ok good. You can find the cookies that your browser is storing.  

>How to block cookie in chrome to test url encoding mechanism as well. Please advise    
I already posted that  at    
http://www.experts-exchange.com/Programming/Languages/Java/J2EE/Q_28407296.html#a40033915    

>Not encoding is third mechanism( i see both cookie and url reqriting are coming false for you) apart from cookies mechanism, url rewriting mechanism.  
I only  described two mechanisms. I don't know what third mechanism that you are talking about.    

>but for me instead of false false always coming false true as given below even after clicking Not encoded request link many times.    
You have the session cookie stored. You can look in Chrome's "Cookies and site data" page.  
When the output is
 Did the client send the session id in a cookie? true  
That means that your browser sent the cookie.
>How do i see false false like your output. please advise    
You must block  the cookie.  For an experiment try clicking on the remove button(it is below the cookie data).
0
 
LVL 7

Author Comment

by:gudii9
ID: 40046254
I blocked the cookie and saw both false and false as below


The session id is F280FB1A8371400F1459DE04E9DB515F
Is the session new? true
Did the client send the session id in the url? false
Did the client send the session id in a cookie? false
path is /CookiesProject/NewFile.jsp
encodedPath is /CookiesProject/NewFile.jsp;jsessionid=F280FB1A8371400F1459DE04E9DB515F
count=0

Not encoded request

Encoded request



Now URL rewriting mechanism seems kicked in.


I wonder why the count is not increasing when i click


Not encoded request



I see when i blocked cookies gmail stopped working. How to unblock cookies again so that gmail works. what is the default option i have to click back
( is it is ---->Allow local data to be set (recommended)??)
I got this error

Oops! Your browser seems to have cookies disabled. Make sure cookies are enabled or try opening a new browser window. [?]



(
experts exchanges works fine even after blocking cookies)
0
 
LVL 27

Expert Comment

by:rrz
ID: 40046259
One more helpful hint that I just noticed:
After you have gone through the settings page and performed  the steps to block cookies that I posted,  when the Chrome browser blocks a cookie,  it displays a brown cookie with a red X across it.  You should see that icon in the address bar. It should appear right next to the bookmark star.  If you click on the cookie icon it will open up a dialog box.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40046273
>Now URL rewriting mechanism seems kicked in.  
Good. We are getting somewhere.  

>I wonder why the count is not increasing when i click   Not encoded request    
If you have cookies blocked and don't use encoded url, then the server can't identify you.  

>How to unblock cookies again so that gmail works. what is the default option i have to click back
( is it is ---->Allow local data to be set (recommended    
Yes
Or click on that cookie icon that I described in my last comment.

>experts exchanges works fine even after blocking cookies)  
Isn't the cookie for experts-exchange already stored ?  
I think blocking cookies means that no new ones will be accepted.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40047686
I see since server cannot identify


  Integer count = (Integer)session.getAttribute("count");
  if(count==null)count = new Integer(0);
  session.setAttribute("count",new Integer(count.intValue() + 1));


Count increment not happening since session.setAttribute is not updating with new incremented count right?
0
 
LVL 27

Expert Comment

by:rrz
ID: 40048052
>Count increment not happening since session.setAttribute is not updating with new incremented count right?    
Wrong.  
A JSP creates a session by default.  If a request is sent without a session id, then a new session will be created. Keep your eye on the session id.
   Let's take the code step by step.
session.getAttribute("count")

Open in new window

For the first request or for any request that doesn't send a session id,  the session is new and there are no attributes set yet. Therefore the session attribute "count"  is equal to null.  


  Integer count = (Integer)session.getAttribute("count");

Open in new window

Now the "scripting variable"  "count is null.



if(count==null)count = new Integer(0);

Open in new window

Since the condition is true, now the "scripting variable" count is equal to an Integer with a  value of 0.

In the lower part of the JSP we have  
count=<%=count%>

Open in new window


Therefore the value of the "scripting variable" count is written to the response.
Next in the scriptlet we have
session.setAttribute("count",new Integer(count.intValue() + 1));

Open in new window


Here we have set the session attribute "count" to 1.  But, we don't use that value until the next request and the page executes
 Integer count = (Integer)session.getAttribute("count");

Open in new window

 If the user joins the session(by returning his session id),  then  the "scripting variable" count is equal to an Integer with a value of 1 and for the output
count=<%=count%>

Open in new window

he will see
count =1
 I guess I should have defined count as the number of requests that the user has made since joining the session. What do you think?
0
 
LVL 7

Author Comment

by:gudii9
ID: 40048546
I agree it should have been better with noOfRequests etc rather than count.

  String path = request.getContextPath() +  request.getServletPath();
  String encodedPath = response.encodeURL(path);


What is patha dnwhat is encodedPath. How they are related in this context
0
 
LVL 27

Expert Comment

by:rrz
ID: 40049232
>What is patha dnwhat is encodedPath.    
path is another name for url. In your case it was
  /CookiesProject/NewFile.jsp
This is what as known as a relative path. It begins with a "/"  therefore the browser interprets it as relative to the server.
encodedPath is the path encoded with  session id.  In your case it would look like
 /CookiesProject/NewFile.jsp;jsessionid=8A6190F0DED4014576F814FD5E23164F    
>How they are related in this context    
I needed a path in order to construct the links at the bottom of the JSP.  
>request.getContextPath() +  request.getServletPath();  
In order for you to begin to understand code, you must start reading the API.  
http://docs.oracle.com/javaee/7/api/overview-summary.html      
more specifically for this discussion
http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletRequest.html  
http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpSession.html
0
 
LVL 7

Author Comment

by:gudii9
ID: 40050635
Makes more sense.
Here we have set the session attribute "count" to 1.  But, we don't use that value until the next request and the page executes
 Integer count = (Integer)session.getAttribute("count");

How did you tell code not to use until next request and page executes?
Please advice
0
 
LVL 27

Expert Comment

by:rrz
ID: 40050820
>How did you tell code not to use until next request and page executes?   Please advice      
That is the way I chose to write the code.
 
count=<%=count%> this is the scripting variable

Open in new window


The session-scoped variable is the following
session.getAttribute("count")

Open in new window

If I chose to display the session-scoped variable called count , then I would have used the following
count=${count} this is the scoped variable

Open in new window

 

I just used the session-scoped variable to store the value.   This way it was available for multiple requests from the user.  
I guess it is confusing that I used the same name for the scripting variable and the session-scoped variable. But once you learn how to read the code, it would perfectly clear. Look at  
http://javapapers.com/jsp/explain-the-scope-of-jsp-objects/  
http://strutscr.uw.hu/0059.html
http://hscripts.com/tutorials/jsp/jsp-scopes.php  
http://www.java-samples.com/showtutorial.php?tutorialid=1009
0
 
LVL 7

Author Comment

by:gudii9
ID: 40051206
I guess it is confusing that I used the same name for the scripting variable and the session-scoped variable.

can you please send the code by renaming them so that i can analyze whole code and understand based on the info and link you sent
0
 
LVL 27

Expert Comment

by:rrz
ID: 40052451
Ok. Here is my rewrite.  Please tell me if there is anything I could change to make it more clear.
<%
  String url = request.getContextPath() +  request.getServletPath();
  String encodedURL = response.encodeURL(url);
  if(session.getAttribute("numberOfRequests") == null)session.setAttribute("numberOfRequests", 0);
  session.setAttribute("numberOfRequests", (Integer)session.getAttribute("numberOfRequests") + 1); 
%>
The session id is ${pageContext.session.id}<br/>
Is the session new? ${pageContext.session['new']}<br/>
Did the client send the session id in the url? ${pageContext.request.requestedSessionIdFromURL}<br/>
Did the client send the session id in a cookie? ${pageContext.request.requestedSessionIdFromCookie}<br/>
URL of this page is <%=url%><br/>
Encoded URL is <%=encodedURL%> <br/>
Number of requests in this session is ${numberOfRequests}<br/>
Use the links below to refresh this page.<br/>
<a href="<%=url%>">Not encoded request</a>&nbsp;&nbsp;&nbsp;<a href="<%=encodedURL%>">Encoded request</a>

Open in new window

0
 
LVL 7

Author Comment

by:gudii9
ID: 40053560
Line1: if(session.getAttribute("numberOfRequests") == null)session.setAttribute("numberOfRequests", 0);
Line2:  session.setAttribute("numberOfRequests", (Integer)session.getAttribute("numberOfRequests") + 1);

in above two lines there is no relation between line 1 and line 2 right. Is there is any relation like If session.getAttribute("numberOfRequests") is not null then execute line2 ?

Please advice
0
 
LVL 19

Expert Comment

by:Ken Butters
ID: 40053589
you cannot add 1 to a NULL.

So the only thing the first line is doing is checking for a NULL, and if it is equal to NULL it sets it to zero.
Then on the second line, it increments it by 1.

If you removed the first line, it is possible you could be trying to add 1 to NULL.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40053620
so Line1 and Line2 are independent of each other. As the program continues to execute it goes through line by line like Line1 and then Line2 right. It is basically not like IF  ELSEIF kind of conditional statement right?
0
 
LVL 19

Expert Comment

by:Ken Butters
ID: 40053621
correct.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40053638
To completely understand this program completerly i need to brush up some JSP skills from the links, info provided. I will get bak
0
 
LVL 27

Expert Comment

by:rrz
ID: 40053664
>in above two lines there is no relation between line 1 and line 2 right.  
Right.
>Is there is any relation like If session.getAttribute("numberOfRequests") is not null then execute line2 ?  
No relation or condition. I did not use the keyword else.        

If the session is new, then there can't be any attributes set yet. So, my fourth  line(your line 1) creates and sets the attribute to 0.  
My fifth line(your line2) always increments the attribute.
0
 
LVL 19

Expert Comment

by:Ken Butters
ID: 40053682
i need to brush up some JSP skills

When you look at the code here... the fact that it is enclosed in "<%" and "%>" that tells you that the enclosed code is javascript.

So the formatting of the if (cond) expression; that you were asking about was concerning the syntax of javascript... not so much JSP's.
0
 
LVL 35

Expert Comment

by:mccarl
ID: 40053848
Ken,

Just one small correction to what you said above... The code in the JSP is actually Java (not JavaScript).
0
 
LVL 19

Expert Comment

by:Ken Butters
ID: 40053860
whoops!... thanks!  ;)
0
 
LVL 7

Author Comment

by:gudii9
ID: 40054584
I ran latest jsp.

I got output like this

The session id is 7CD8CF34DC876CED28DE0F69FC28ED99
Is the session new? false
Did the client send the session id in the url? false
Did the client send the session id in a cookie? true
URL of this page is /CookiesProject/NewFile2.jsp
Encoded URL is /CookiesProject/NewFile2.jsp
Number of requests in this session is 17
Use the links below to refresh this page.
Not encoded request   Encoded request

wheni click the Encoded Request link multiple times. It makes sense to me as i have not disabled cookies session tracking is being done using cookies mechanism rather than url rewriting.

I have one question. why both below URLs printing the same
URL of this page is /CookiesProject/NewFile2.jsp
Encoded URL is /CookiesProject/NewFile2.jsp

Please advice
0
 
LVL 19

Expert Comment

by:Ken Butters
ID: 40054608
URL encoding will take special characters (most of the time -- blanks) and convert the to hex.

if your URL were : /My Cookie Project/New File2.jsp
your encoded URL might be : /My%20Cookie%Project/New%20File2.jsp

but you didn't have any special characters in your URL that needed encoding.
0
 
LVL 7

Author Comment

by:gudii9
ID: 40054628
All that we are majorly doing in this jsp is to check if session tracking is done via cookies or URL rewriting
Then print count of number of visits in current session right.
0
 
LVL 27

Accepted Solution

by:
rrz earned 300 total points
ID: 40054664
>I have one question. why both below URLs printing the same      
if you look at the API  at
http://docs.oracle.com/javaee/7/api/javax/servlet/http/HttpServletResponse.html#encodeURL(java.lang.String)      
It states  
"Encodes the specified URL by including the session ID, or, if encoding is not needed, returns the URL unchanged"  
Therefore Tomcat does not encode the url when the session cookie is being used.
When the session is new, Tomcat will send the session id in both the url and the session cookie. At that point in time, the client hasn't joined the session yet. Therfore Tomcat will cover both possibilities.  You can see this after your first request.  The first response will show the session id in the "EncodedURL"  and you will find the cookie in browser's local data.
0
 
LVL 27

Expert Comment

by:rrz
ID: 40054685
@Ken Butters,
You are talking about HTML form encoding. Look at  
http://docs.oracle.com/javase/7/docs/api/java/net/URLEncoder.html
0
 
LVL 7

Author Comment

by:gudii9
ID: 40054696
The first response will show the session id in the "EncodedURL"  

Yea, I remember now I tested as you mentioned by disabling cookies and got the encoded url with the session id as well as below



The session id is F280FB1A8371400F1459DE04E9DB515F
Is the session new? true
Did the client send the session id in the url? false
Did the client send the session id in a cookie? false
path is /CookiesProject/NewFile.jsp
encodedPath is /CookiesProject/NewFile.jsp;jsessionid=F280FB1A8371400F1459DE04E9DB515F
count=0

Not encoded request

Encoded request
0

Featured Post

Highfive + Dolby Voice = No More Audio Complaints!

Poor audio quality is one of the top reasons people don’t use video conferencing. Get the crispest, clearest audio powered by Dolby Voice in every meeting. Highfive and Dolby Voice deliver the best video conferencing and audio experience for every meeting and every room.

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
count7 challenge 12 70
count8 challlenge 13 87
eclipse compiler vs Installed JREs option 3 42
github account with ecipse 1 20
After being asked a question last year, I went into one of my moods where I did some research and code just for the fun and learning of it all.  Subsequently, from this journey, I put together this article on "Range Searching Using Visual Basic.NET …
I had a project requirement for a displaying a user workbench .This workbench would consist multiple data grids .In each grid the user will be able to see a large number of data. These data grids should allow the user to 1. Sort 2. Export the …
Viewers learn about the “while” loop and how to utilize it correctly in Java. Additionally, viewers begin exploring how to include conditional statements within a while loop and avoid an endless loop. Define While Loop: Basic Example: Explanatio…
Viewers learn how to read error messages and identify possible mistakes that could cause hours of frustration. Coding is as much about debugging your code as it is about writing it. Define Error Message: Line Numbers: Type of Error: Break Down…

744 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

11 Experts available now in Live!

Get 1:1 Help Now