CODEWITHSUNDEEP
java
EdgeCase
EdgeCase

Reputation: 4827

request.getSession().getId() versus session.getId()

I am working on some code by a departed consultant. I am trying to understand if there is a difference between the session variable passed to the method, and the one that is returned by req.getSession()

When I inspect them in the debugger, they appear to be the same. Is there a reason not to just get the id directly from session.getId() variable, rather than req.getSesssion.getId()?

public void enqueueRequest(
        HttpSession session,
        HttpServletRequest req,
        HttpServletResponse res) throws IOException {

            req.getSession().removeAttribute(TIME_STAMP);
            ResponseCache.INSTANCE.remove(req.getSession().getId());
        }
}

vs

session.getId();
session.removeAttribute(TIME_STAMP);

Upvotes: 2

Views: 3572

Answers (2)

user207421
user207421

Reputation: 310883

It's poor design. You're not going to be able to access anyone else's session, and the session is already available via the request, so the session argument is redundant. If you have the opportunity, delete it.

Upvotes: 2

Subhrajyoti Majumder
Subhrajyoti Majumder

Reputation: 41200

HttpServletRequest#getSession returns the current session Object associated with http request. If your Session object and Session Object associated with http request is same then id will be same as because Object is same.

As per Documentation

Returns the current session associated with this request, or if the request does not have a session, creates one.

Upvotes: 3

Related Questions