----------------------------------------------------
Please read the FAQ at <http://java.apache.org/faq/>
It does have a search feature!
We cannot guess what you are trying to do:
#1. Include version numbers for all software.
#2. Include relevant configuration settings.
#3. Include full descriptions of the problem.
Got Linux? Seeing lots of java processes?
<http://java.apache.org/faq/?file=274>
----------------------------------------------------
There is only 1 User object instance created. You have a reference to that
instance in your local variable 'u'; you
also stash a reference to the User object inside the session
object. Although 'u' goes out of scope when the method ends,
the session object still exists and holds a reference to your object, and
so it will not be GC'ed.
Now, is it thread-safe? Well, the session object maps to a specific
browser client, identified by either a cookie or a value from an
URL. Under normal conditions, 2 browsers will never map to the same
session object, so there should never be 2 simultaneous requests against 1
session, and by extension never 2 simultaneous requests accessing the same
User object instance. If you were paranoid, you could wrap the Validate
call with a synchronize on u, for example:
synchronize( u ) {
Validate u
}
but like I said, you would never need to do this unless something weird was
happening -- like someone forging URLs and trolling for session IDs.
Hope this helps ...
- Fernando
> I have spent the last few days researching a question
> and I can't seem to find an answer. I hope someone here
> might have some insight.
>
> I have a series of servlets that all use information
> provided by a HttpSession object. The pseudo code goes like
> this:
>
> [Note, 'User' is a serializable class]
>
> Class Login extends HttpServlet {
>
> doGet(req,res) {
> getSession(true)
>
> Validate username/password
>
> if(good) {
> User u = getUser(username)
> session.putValue("user", u)
> res.sendRedirect(Options)
> }
> }
> }
>
> Class Options extends HttpServlet {
>
> doGet(req,res) {
>
> getSession(false)
> User u = (User)getValue("user")
> Validate u
>
> if(good) {
> welcome user
> } else {
> hit the road
> }
> }
> }
>
> My questions center around the user object, u, in the
> above examples. u is a local variable within the scope of
> the methods. So, it is thread safe, right?. Each access to
> Login would be a different thread, thus, a different instance
> of u. However, I am putting u into a session object. When
> Options gets u, is it getting a reference to Login's u object?
> Once Options is run, Login's u object is no longer in scope, so
> the reference won't be valid? If I create a new User object in
> Login and add that, will the JVM garbage collect that version
> since Login is no longer active? Will other accesses of Login
> potentially replace u with new information? If so, then Bob
> may be using someone else's information?
>
> I hope everyone is following me here. It's kind
> of hard to articulate exactly what my real question is.
> I'm trying to figure out how sessions maintain objects. I'm
> worried that my session objects might disappear due to garbage
> collection or scoping. Thanks.
>
> -Tom
--
--------------------------------------------------------------
Please read the FAQ! <http://java.apache.org/faq/>
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html>
Problems?: [EMAIL PROTECTED]
