Re: Session Invalidate Exception
Thanks for your detailed explanation. Orion is really a great server; the only really missing thing is a document.

----- Original Message -----
From: elephantwalker [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 9:15 PM
Subject: RE: Session Invalidate Exception

Kesav,

In order to release memory, we need to make sure that we use enterprise objects which are pooled by orion. As far as I know, these include stateless session beans, entity beans and stateful session beans. Each of these are recovered by the appserver as they fall out of context.

Servlets and jsp's are also pooled by the appserver. However, the servlet context may include objects which stay in memory...but not real memory. These objects should be serialized as the servlet times out, or loses its session.

One of the ideas behind application servers in general, and j2ee specifically, is that we register our objects with the appserver, and the appserver should handle recovery of any objects (and therefore, memory) as necessary. If orion needs the memory, it will recover the objects which aren't being used, because they are part of a pool of objects.

Don't worry so much about the memory stuff, because those guys in Sweden are taking care of this for us.

Regards,

the elephantwalker

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kesav Kumar
Sent: Saturday, May 12, 2001 4:58 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception

By invalidating session we generally think that all the memory will be released, but if invalidate doesn't actually release memory and make the session object null then we need to have our own measures for releasing the memory. My concern is more for the memory rather than the program error handling.
RE: Session Invalidate Exception
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]

> So have the page where the user enters their credentials wax their session, then the validation of the credentials page will create a new session.

That was the solution I mentioned. It is undesirable for three reasons I can think of; one, it requires a fix in the multiple locations where there is a login page; two, not every page with login credentials should cause this behavior (such as a hypothetical log in as someone else page); three, it requires access to the session in the view. The last one is the biggest problem, IMHO, because it violates the MVC paradigm. Views shouldn't have code.

> why do you have to invalidate the session? why can't you just do:
> ===
> HttpSession session = request.getSession();
> Enumeration attributes = session.getAttributeNames();
> while (attributes.hasMoreElements()) {
>     session.removeAttribute((String)attributes.nextElement());
> }
> ===
> Then you'll basically have a fresh session (except for a few exceptions).

I hadn't thought of that. I heard mention on this list some time ago that Orion stores its security credentials in the user session. The only problem is, I don't think there is any guarantee that J2EE app servers store credentials in the session. That code isn't necessarily going to work everywhere.

Of course, the RoleManager code isn't portable either, so it doesn't really matter :-)

Thanks,
Jeff
RE: Session Invalidate Exception
I don't think that excludes the desired behavior, which is that you should be able to invalidate a session and then create a new one. It appears that session invalidate() is setting a flag in the session object causing it to be cleaned up sometime later. Since the only way to logout a user is to call invalidate(), this causes some headaches.

Ideally I would like my login submit page to a) discard existing credentials and b) try new credentials. This way if a user was already logged in, the net result of a new login attempt will be the unauthenticated state. Unfortunately I can't call getSession().invalidate(); session = getSession(); because what I get is the old session, which is going to disappear at the end of the method, the call to RoleManager.login() notwithstanding. Furthermore, a failed call to RoleManager.login() does *not* discard existing credentials.

The only way to accomplish the original goal is to put the invalidate() on every page with a login form. Ok, this isn't super critical, but it's annoying nevertheless.

Jeff

-----Original Message-----
From: Noah Nordrum [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 7:09 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception

Servlet Spec
==
7.2 Creating a Session

Because HTTP is a request-response based protocol, a session is considered to be new until a client joins it. A client joins a session when session tracking information has been successfully returned to the server indicating that a session has been established. Until the client joins a session, it cannot be assumed that the next request from the client will be recognized as part of the session.

The session is considered to be new if either of the following is true:

- The client does not yet know about the session
- The client chooses not to join a session.

This implies that the servlet container has no mechanism by which to associate a request with a previous request.
A Servlet Developer must design their application to handle a situation where a client has not, can not, or will not join a session.
==

That last line is what specifically applies to your situation, only backwards. In this case you are invalidating the HttpSession, but the client doesn't yet know about the pending invalidation, hence the IllegalStateException.

Noah
Re: Session Invalidate Exception
So have the page where the user enters their credentials wax their session, then the validation of the credentials page will create a new session.

why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
    session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few exceptions).

Noah

----- Original Message -----
From: Jeff Schnitzer [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: RE: Session Invalidate Exception

I don't think that excludes the desired behavior, which is that you should be able to invalidate a session and then create a new one. It appears that session invalidate() is setting a flag in the session object causing it to be cleaned up sometime later. Since the only way to logout a user is to call invalidate(), this causes some headaches.

Ideally I would like my login submit page to a) discard existing credentials and b) try new credentials. This way if a user was already logged in, the net result of a new login attempt will be the unauthenticated state. Unfortunately I can't call getSession().invalidate(); session = getSession(); because what I get is the old session, which is going to disappear at the end of the method, the call to RoleManager.login() notwithstanding. Furthermore, a failed call to RoleManager.login() does *not* discard existing credentials.

The only way to accomplish the original goal is to put the invalidate() on every page with a login form. Ok, this isn't super critical, but it's annoying nevertheless.
Jeff
Re: Session Invalidate Exception
By invalidating session we generally think that all the memory will be released, but if invalidate doesn't actually release memory and make the session object null then we need to have our own measures for releasing the memory. My concern is more for the memory rather than the program error handling.

----- Original Message -----
From: Noah Nordrum [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: Re: Session Invalidate Exception

So have the page where the user enters their credentials wax their session, then the validation of the credentials page will create a new session.

why do you have to invalidate the session? why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
    session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few exceptions).

Noah

----- Original Message -----
From: Jeff Schnitzer [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: RE: Session Invalidate Exception

I don't think that excludes the desired behavior, which is that you should be able to invalidate a session and then create a new one. It appears that session invalidate() is setting a flag in the session object causing it to be cleaned up sometime later. Since the only way to logout a user is to call invalidate(), this causes some headaches.

Ideally I would like my login submit page to a) discard existing credentials and b) try new credentials. This way if a user was already logged in, the net result of a new login attempt will be the unauthenticated state. Unfortunately I can't call getSession().invalidate(); session = getSession(); because what I get is the old session, which is going to disappear at the end of the method, the call to RoleManager.login() notwithstanding.
Furthermore, a failed call to RoleManager.login() does *not* discard existing credentials. The only way to accomplish the original goal is to put the invalidate() on every page with a login form. Ok, this isn't super critical, but it's annoying nevertheless.

Jeff
RE: Session Invalidate Exception
Kesav,

In order to release memory, we need to make sure that we use enterprise objects which are pooled by orion. As far as I know, these include stateless session beans, entity beans and stateful session beans. Each of these are recovered by the appserver as they fall out of context.

Servlets and jsp's are also pooled by the appserver. However, the servlet context may include objects which stay in memory...but not real memory. These objects should be serialized as the servlet times out, or loses its session.

One of the ideas behind application servers in general, and j2ee specifically, is that we register our objects with the appserver, and the appserver should handle recovery of any objects (and therefore, memory) as necessary. If orion needs the memory, it will recover the objects which aren't being used, because they are part of a pool of objects.

Don't worry so much about the memory stuff, because those guys in Sweden are taking care of this for us.

Regards,

the elephantwalker

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kesav Kumar
Sent: Saturday, May 12, 2001 4:58 PM
To: Orion-Interest
Subject: Re: Session Invalidate Exception

By invalidating session we generally think that all the memory will be released, but if invalidate doesn't actually release memory and make the session object null then we need to have our own measures for releasing the memory. My concern is more for the memory rather than the program error handling.

----- Original Message -----
From: Noah Nordrum [EMAIL PROTECTED]
To: Orion-Interest [EMAIL PROTECTED]
Sent: Saturday, May 12, 2001 1:31 PM
Subject: Re: Session Invalidate Exception

So have the page where the user enters their credentials wax their session, then the validation of the credentials page will create a new session.

why do you have to invalidate the session?
why can't you just do:
===
HttpSession session = request.getSession();
Enumeration attributes = session.getAttributeNames();
while (attributes.hasMoreElements()) {
    session.removeAttribute((String)attributes.nextElement());
}
===
Then you'll basically have a fresh session (except for a few exceptions).

Noah
RE: Session Invalidate Exception
Kesav:

I believe that when you call request.getSession(false), it will not create a new session if a valid one does not already exist. If you want to create a new one, right after invalidation of a previous session, call request.getSession() or request.getSession(true). Obviously, you will need to reset your attribute after the new session is created.

Jason

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kesav Kumar
Sent: Friday, May 11, 2001 4:17 PM
To: Orion-Interest
Subject: Session Invalidate Exception

When we call invalidate() method on the session what happens? I was doing the following and I am getting a strange error. This is just a test condition I am giving to reproduce my error. The reality is much complex.

    session.setAttribute("kesav", "I am nice");
    session.invalidate();
    HttpSession sess = request.getSession(false);
    if(sess == null)
        System.out.println("Session is null");
    Object obj = sess.getAttribute("kesav");

After the invalidate I was thinking that I won't get session object, that's the reason I had a condition for null.

What's happening is I am getting a session object and when I try to access any attribute I am getting

    java.lang.IllegalStateException: Session was invalidated
        at com.evermind[Orion/1.4.8 (build 10374)].server.http.EvermindHttpSession.getAttribute(Unknown Source)
        at /Test.jsp._jspService(/Test.jsp.java:30) (JSP page line 7)
        at com.orionserver[Orion/1.4.8 (build 10374)].http.OrionHttpJspPage.service(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)]._aj._nxd(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)].server.http.JSPServlet.service(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)]._iib._vfd(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)]._iib._qjc(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)]._kj._qbc(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)]._kj._oa(Unknown Source)
        at com.evermind[Orion/1.4.8 (build 10374)]._jw.run(Unknown Source)

Any ideas why is it happening?

Kesav Kumar
Software Engineer
Voquette, Inc.
650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com
Voquette...Delivering Sound Information
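The login flow discussed in this thread (drop the old session, then try the new credentials), as an added example that is not code from any poster or from Orion. It assumes the javax.servlet API; the class name, attribute name, page paths, form parameter names and the authenticate() hook are hypothetical.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

/**
 * Added example: a login submit handler that (a) discards any existing
 * session and (b) tries the new credentials, so that a failed attempt
 * always ends in the unauthenticated state.
 */
public abstract class FreshSessionLoginServlet extends HttpServlet {

    // Hypothetical names chosen for this example.
    static final String USER_ATTR = "example.authenticatedUser";
    static final String LOGIN_PAGE = "/login.jsp";
    static final String HOME_PAGE = "/home.jsp";

    /** Hypothetical hook: stands in for whatever verifies the credentials. */
    protected abstract boolean authenticate(String user, String password);

    /**
     * Invalidates the request's current session, if any, and asks the
     * container for a new one. Returns null when the container hands back
     * the invalidated session (the behaviour reported in this thread), so
     * the caller can fail closed instead of using a dead session.
     */
    static HttpSession renewSession(HttpServletRequest request) {
        HttpSession old = request.getSession(false); // null if none exists
        if (old != null) {
            try {
                old.invalidate();
            } catch (IllegalStateException alreadyInvalidated) {
                // Invalidated earlier in this request: nothing left to drop.
            }
        }
        HttpSession fresh = request.getSession(true);
        try {
            // Probe: attribute access throws on an invalidated session.
            fresh.getAttribute(USER_ATTR);
        } catch (IllegalStateException stale) {
            return null;
        }
        return fresh;
    }

    @Override
    protected void doPost(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {
        // (a) Discard existing credentials before looking at the new ones.
        HttpSession session = renewSession(request);
        if (session == null) {
            // The old session is already invalidated, so the client's next
            // request starts clean; send it back to the form to retry.
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE);
            return;
        }

        // (b) Try the new credentials.
        String user = request.getParameter("username");
        String password = request.getParameter("password");
        if (user == null || password == null || !authenticate(user, password)) {
            session.invalidate(); // a failed attempt leaves no session behind
            response.sendRedirect(request.getContextPath() + LOGIN_PAGE + "?failed=1");
            return;
        }

        session.setAttribute(USER_ATTR, user);
        response.sendRedirect(request.getContextPath() + HOME_PAGE);
    }
}
```

Checking the result of getSession(false) for null before dereferencing it, and treating IllegalStateException as "no usable session", covers both the container that returns null after invalidate() and the one that returns the invalidated object.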
RE: Session Invalidate Exception
If there is no valid session getSession(false) should return null, isn't it?

Kesav Kumar
Software Engineer
Voquette, Inc.
650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com
Voquette...Delivering Sound Information

-----Original Message-----
From: Jason Coward [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 2:55 PM
To: Orion-Interest
Subject: RE: Session Invalidate Exception

Kesav:

I believe that when you call request.getSession(false), it will not create a new session if a valid one does not already exist. If you want to create a new one, right after invalidation of a previous session, call request.getSession() or request.getSession(true). Obviously, you will need to reset your attribute after the new session is created.

Jason

-----Original Message-----
From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED]] On Behalf Of Kesav Kumar
Sent: Friday, May 11, 2001 4:17 PM
To: Orion-Interest
Subject: Session Invalidate Exception

When we call invalidate() method on the session what happens? I was doing the following and I am getting a strange error. This is just a test condition I am giving to reproduce my error. The reality is much complex.

    session.setAttribute("kesav", "I am nice");
    session.invalidate();
    HttpSession sess = request.getSession(false);
    if(sess == null)
        System.out.println("Session is null");
    Object obj = sess.getAttribute("kesav");

After the invalidate I was thinking that I won't get session object, that's the reason I had a condition for null.
Re: Session Invalidate Exception
Servlet Spec
==
7.2 Creating a Session

Because HTTP is a request-response based protocol, a session is considered to be new until a client joins it. A client joins a session when session tracking information has been successfully returned to the server indicating that a session has been established. Until the client joins a session, it cannot be assumed that the next request from the client will be recognized as part of the session.

The session is considered to be new if either of the following is true:

- The client does not yet know about the session
- The client chooses not to join a session.

This implies that the servlet container has no mechanism by which to associate a request with a previous request. A Servlet Developer must design their application to handle a situation where a client has not, can not, or will not join a session.
==

That last line is what specifically applies to your situation, only backwards. In this case you are invalidating the HttpSession, but the client doesn't yet know about the pending invalidation, hence the IllegalStateException.

Noah

----- Original Message -----
From: Kesav Kumar
To: Orion-Interest
Sent: Friday, May 11, 2001 7:23 PM
Subject: RE: Session Invalidate Exception

If there is no valid session getSession(false) should return null, isn't it?

Kesav Kumar
Software Engineer
Voquette, Inc.
650 356 3740
mailto:[EMAIL PROTECTED]
http://www.voquette.com
Voquette...Delivering Sound Information

-----Original Message-----
From: Jason Coward [mailto:[EMAIL PROTECTED]]
Sent: Friday, May 11, 2001 2:55 PM
To: Orion-Interest
Subject: RE: Session Invalidate Exception

Kesav:

I believe that when you call request.getSession(false), it will not create a new session if a valid one does not already exist. If you want to create a new one, right after invalidation of a previous session, call request.getSession() or request.getSession(true). Obviously, you will need to reset your attribute after the new session is created.
Jason