By invalidating session we generally think that all the memory will be
released but if invalidate doesn't actually release memore and make the
session object null then we need to have our own measures for releasing the
memory. My concern is more for the memore rathar than the program error
handling.
----- Original Message -----
From: "Noah Nordrum" <[EMAIL PROTECTED]>
To: "Orion-Interest" <[EMAIL PROTECTED]>
Sent: Saturday, May 12, 2001 1:31 PM
Subject: Re: Session Invalidate Exception
> So have the page where the user enters their credentials wax their
session,
> then the validation of the credentials page will create a new session.
>
> why do you have to invalidate the session? why can't you just do:
> ===========================================
> HttpSession session = request.getSession();
> Enumeration attributes = session.getAttributeNames();
> while (attributes.hasMoreElements()) {
> session.removeAttribute((String)attributes.nextElement());
> }
> ===========================================
> Then you'll basically have a fresh session (except for a few exceptions).
>
> Noah
>
> ----- Original Message -----
> From: "Jeff Schnitzer" <[EMAIL PROTECTED]>
> To: "Orion-Interest" <[EMAIL PROTECTED]>
> Sent: Saturday, May 12, 2001 1:31 PM
> Subject: RE: Session Invalidate Exception
>
>
> > I don't think that excludes the desired behavior, which is that you
> > should be able to invalidate a session and then create a new one.
> >
> > It appears that session invalidate() is setting a flag in the session
> > object causing it to be cleaned up sometime later. Since the only way
> > to logout a user is to call invalidate(), this causes some headaches.
> >
> > Ideally I would like my login submit page to a) discard existing
> > credentials and b) try new credentials. This way if a user was already
> > logged in, the net result of a new login attempt will be the
> > unauthenticated state. Unfortunately I can't call
> >
> > getSession().invalidate();
> > session = getSession();
> >
> > because what I get is the old session, which is going to disappear at
> > the end of the method, the call to RoleManager.login() notwithstanding.
> > Furthermore, a failed call to RoleManager.login() does *not* discard
> > existing credentials. The only way to accomplish the original goal is
> > to put the invalidate() on every page with a login form.
> >
> > Ok, this isn't super critical, but it's annoying nevertheless.
> >
> > Jeff
> >
> > > -----Original Message-----
> > > From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, May 11, 2001 7:09 PM
> > > To: Orion-Interest
> > > Subject: Re: Session Invalidate Exception
> > >
> > >
> > > Session Invalidate ExceptionServlet Spec
> > > ==========================================
> > > 7.2 Creating a Session
> > > Because HTTP is a request-response based protocol, a session
> > > is considered
> > > to be new until a client "joins" it. A client joins a session
> > > when session
> > > tracking information has been successfully returned to the
> > > server indicating
> > > that a session has been established. Until the client joins a
> > > session, it
> > > cannot be assumed that the next request from the client will
> > > be recognized
> > > as part of the session.
> > >
> > > The session is considered to be "new" if either of the
> > > following is true:
> > > . The client does not yet know about the session
> > > . The client chooses not to join a session. This implies that
> > > the servlet
> > > container has no mechanism by which to associate a request
> > > with a previous
> > > request.
> > >
> > > A Servlet Developer must design their application to handle a
> > > situation
> > > where a client has not, can not, or will not join a session.
> > > ==========================================
> > >
> > > That last line is what specifically applies to your situation, only
> > > backwards. In this case you are invalidating the HttpSession,
> > > but the client
> > > doesn't yet know about the pending invalidation, hense the
> > > IllegalStateException.
> > >
> > > Noah
> > >
> > > ----- Original Message -----
> > > From: Kesav Kumar
> > > To: Orion-Interest
> > > Sent: Friday, May 11, 2001 7:23 PM
> > > Subject: RE: Session Invalidate Exception
> > >
> > >
> > > If there is no valid session getSession(false) should return
> > > null is in't
> > > it?
> > >
> > > Kesav Kumar
> > > Software Engineer
> > > Voquette, Inc.
> > > 650 356 3740
> > > mailto:[EMAIL PROTECTED]
> > > http://www.voquette.com
> > > Voquette...Delivering Sound Information
> > > -----Original Message-----
> > > From: Jason Coward [mailto:[EMAIL PROTECTED]]
> > > Sent: Friday, May 11, 2001 2:55 PM
> > > To: Orion-Interest
> > > Subject: RE: Session Invalidate Exception
> > >
> > >
> > > Kesav:
> > >
> > > I believe that when you call request.getSession(false), it
> > > will not create a
> > > new session if a valid one does not already exist. If you
> > > want to create a
> > > new one, right after invalidation of a previous session, call
> > > request.getSession() or request.getSession(true). Obviously,
> > > you will need
> > > to reset your attribute after the new session is created.
> > >
> > > Jason
> > > -----Original Message-----
> > > From: [EMAIL PROTECTED]
> > > [mailto:[EMAIL PROTECTED]]On Behalf Of Kesav Kumar
> > > Sent: Friday, May 11, 2001 4:17 PM
> > > To: Orion-Interest
> > > Subject: Session Invalidate Exception
> > >
> > >
> > > When we call invalidate() method on the session what happens?
> > > I was doing the following and I am getting a strange error.
> > > This is just a
> > > testcondition I am giving to reproduce my error. The reality is much
> > > complex.
> > > session.setAttribute("kesav", "I am nice");
> > > session.invalidate();
> > > HttpSession sess = request.getSession(false);
> > > if(sess == null)
> > > System.out.println("Session is null");
> > > Object obj = sess.getAttribute("kesav");
> > > After the invalidate I was thinking that I won't get session
> > > object thats
> > > the reason I had a condition for null. What happening is I
> > > am getting a
> > > session object and when I try to access any attribute I am getting
> > > java.lang.IllegalStateException: Session was invalidated
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)].server.http.EvermindHttpSession.getAttribute(Unknown Source)
> > > at /Test.jsp._jspService(/Test.jsp.java:30) (JSP page line 7)
> > > at com.orionserver[Orion/1.4.8 (build
> > > 10374)].http.OrionHttpJspPage.service(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)]._aj._nxd(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)].server.http.JSPServlet.service(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)]._iib._vfd(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)]._iib._qjc(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)]._kj._qbc(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)]._kj._oa(Unknown Source)
> > > at com.evermind[Orion/1.4.8 (build
> > > 10374)]._jw.run(Unknown Source)
> > > Any ideas why is it happening?
> > > Kesav Kumar
> > > Software Engineer
> > > Voquette, Inc.
> > > 650 356 3740
> > > mailto:[EMAIL PROTECTED]
> > > http://www.voquette.com
> > > Voquette...Delivering Sound Information
> > >
> > >
> > > _________________________________________________________
> > > Do You Yahoo!?
> > > Get your free @yahoo.com address at http://mail.yahoo.com
> > >
> > >
> > >
>
>
> _________________________________________________________
> Do You Yahoo!?
> Get your free @yahoo.com address at http://mail.yahoo.com
>
>
