CODEWITHSUNDEEP
javasecuritytomcat6tomcat5
aru
aru

Reputation: 129

httprequest.getsession is returning null

I have written one filter which would invalidate current session and create new session and copy attributes of old session into new session. This is working fine in tomcat5 and jdk 1,4 but when i switched it to tomcat6 and jdk 1.6 once the filter is running then for next request httprequest.getsession(false ) is null. Why its behaving differently in tomcat 6 . Please help. here is the code snippet

public void doFilter(ServletRequest request, ServletResponse response,
                        FilterChain chain) throws IOException, ServletException 
                        { 
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        System.out.println("within GenerteNewSessionFilter");
        System.out.println("within GenerteNewSessionFilter getRequestURI"+httpRequest.getRequestURI());
        System.out.println("within GenerteNewSessionFilter getRequestURL"+httpRequest.getRequestURL());

        System.out.println("within GenerteNewSessionFilter session false"+httpRequest.getSession(false));

        String reqUrl=httpRequest.getRequestURL().toString();
        if (reqUrl==null){
            reqUrl="";
        }
        int idxLogin=reqUrl.indexOf("LoginSubmit.jsp");
        int idxReg=reqUrl.indexOf("RegistrationSubmit.jsp");
        int idxErr=reqUrl.indexOf("Error");

    int idxSave=-1;
    System.out.println("within GenerteNewSessionFilter reqUrl "+reqUrl);
    System.out.println("within GenerteNewSessionFilter idxLogin index"+idxLogin);
    System.out.println("within GenerteNewSessionFilter idxReg index"+idxReg);
    System.out.println("within GenerteNewSessionFilter idxErr index"+idxErr);

    if (httpRequest.getSession(false) != null  &&  (idxLogin >0 || idxReg >0) && idxErr <0 ){
      //copy session attributes from old session to a map. 
        System.out.println("copy session attributes from old session to a map");
        HttpSession session = httpRequest.getSession();

      HashMap old=new HashMap();
      Enumeration keys = (Enumeration) session.getAttributeNames();
      while (keys.hasMoreElements()) {
        String key = (String) keys.nextElement();

       old.put(key, session.getAttribute(key));
          session.removeAttribute(key);


      }
      System.out.println("old  session id  "+session.getId());

      //invalidate session and create new session.
      session.invalidate();
      //create new session
      session = httpRequest.getSession(true);

      //copy session attributes from map session to new session
      Iterator it = old.entrySet().iterator(); //iterator
      while (it.hasNext()) {
          Map.Entry pairs = (Map.Entry)it.next();
          //putitng old attributes in to new session
          session.setAttribute((String) pairs.getKey(), pairs.getValue());

      }//end while loop
          System.out.println("end copy  session attributes");
          System.out.println("new session id status "+httpRequest.getSession(false));
          System.out.println("final new   session session id  "+session.getId());
    }
    chain.doFilter(request, response);
    }
      public void init(FilterConfig filterConfig) throws ServletException {


    }

}

Upvotes: 3

Views: 19645

Answers (2)

Eshwar Iyer
Eshwar Iyer

Reputation: 11

I faced a similar issue in 7.0.82. In 7.0.57 the httpRequest.getSession(false) returned a session (the session was already created), but in 7.0.82, it was returning null. Absolutely no code change, only the tomcat was upgraded.

I was able to resolve this by adding the JsessionId cookie manually.

HttpSession session = request.getSession(false);
Cookie userCookie;
if (request.getParameter("JSESSIONID") != null) {
    userCookie = new Cookie("JSESSIONID", 
    request.getParameter("JSESSIONID"));
} else {
String sessionId = session.getId();
userCookie = new Cookie("JSESSIONID", sessionId);
}
response.addCookie(userCookie);

Upvotes: 1

icza
icza

Reputation: 417592

The javadoc of HttpServletRequest.getSession(boolean create) clearly states that if you pass a false value to its parameter, it will only return the HttpSession if there is one existing already. If there is no session associated with the request, it will return null.

So if you invalidate your current session, obviously calling request.getSession(false) in your next request will return null.

If you want to create a new session after invalidating the current one, then use: request.getSession(true) or more simply: request.getSession().

Upvotes: 2

Related Questions