java - Why is my servlet session not persistent? -
my servlet working expected other when close browser (i not deleting cookies), session lost. how can save session indefinitely until invalidate or delete cookies?
@webservlet(name="servletone", urlpatterns={"/", "/servletone"}) public class servletone extends httpservlet { private static final long serialversionuid = 1l; public void doget(httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { httpsession session = request.getsession(true); string newvalue = request.getparameter("newvalue"); if (session.isnew()) { session = request.getsession(true); session.setattribute("myattribute", "value"); } if (newvalue != null) session.setattribute("myattribute", newvalue); requestdispatcher rd = request.getrequestdispatcher("test.jsp"); rd.forward(request, response); } public void dopost(httpservletrequest request, httpservletresponse response) throws servletexception, ioexception { doget(request, response); } }
my jsp:
<%@ page language="java" contenttype="text/html; charset=utf-8" pageencoding="utf-8"%> <%@ taglib prefix="c" uri="http://java.sun.com/jsp/jstl/core" %> <!doctype html public "-//w3c//dtd html 4.01 transitional//en" "http://www.w3.org/tr/html4/loose.dtd"> <html> <head> <meta http-equiv="content-type" content="text/html; charset=utf-8"> <title>insert title here</title> </head> <body> val == <c:out value="${myattribute}"></c:out><br> <form action="servletone" method="post"> <input type="text" name="newvalue" /> <input type="submit" /> </form> </body> </html>
if close browser , reopen it, myattribute
set default "value".
it misunderstood how session cookies work.
session cookies live long browser instance lives , you're firing http requests on target url covered cookie's path
within time before default server side session expiration time — defaults 30 minutes.
once close browser instance (read: browser session), session cookies gone. specified, expected , natural behavior. web browsers have worked way decades. please note httpsession
instance associated cookie still present in server. if implement httpsessionlistener
based on related answer sessiontimeout: web.xml vs session.maxinactiveinterval(), you'll notice sessiondestroyed()
method isn't invoked when browser closed, after little more 30 minutes.
if reopen browser instance , perform session hijacking attack within time before server-side expiration, you'll able retain associated httpsession
instance.
see also:
now, coming concrete functional requirement of keeping cookie alive longer browser session, quite simple: create own cookie not session cookie. i.e. not set cookie's maxage
-1
(default value), instead set specified time in seconds.
cookie cookie = new cookie("somecommonname", "someuniquevalue"); cookie.setmaxage(ageinseconds); // use e.g. 2952000 30 days. response.addcookie(cookie);
the someuniquevalue
can in turn java.util.uuid
. can use value key of data storage system (a sql db?) wherein save myattribute
value. on every subsequent request, check presence of cookie via request.getcookies()
. way can associate client. if necessary, cache in http session don't need check every single http request.
@admin
ReplyDeleteWe provide quality dental care, conveniently in your neighborhood, and cater to your schedule. Because your comfort is important to us, we offer many of the modern amenities you’ve come to expect in a dental office.
Regards,
Dentist In Northampton, MA
@admin
ReplyDeleteOur dental team is committed to excellent oral health for our patients. We offer comprehensive dental care and brilliant cosmetic dentistry to EAST HARTFORD and the surrounding areas.
Regards,
Dentist In East Hartford, CT