2. How to Use Sessions
• To use a session, first create a session using
the HttpServletRequest method getSession().
• Once the session is established, examine and set its properties
using the provided methods.
• If desired, set the session to time out after being inactive for a
defined time period, or invalidate it manually.
What we Look further ?
• Creating or Accessing a Session
• Examining Session Properties
• Binding Data to a Session
• Invalidating a Session
3. Creating or Accessing a Session
• To create a new session or gain access to an existing session,
use the HttpServletRequest method getSession()
• HttpSession mySession = request.getSession();
• getSession() - Returns the current session associated with this
request, or if the request does not have a session, creates one.
• getSession(boolean create) - Returns the current HttpSession
associated with this request or, if there is no current session
and arument passed is true then it returns a new session.
• false parameter to getSession() prevents the servlet from
creating a new session if one does not already exist.
4. Examining Session Properties
• Once a session ID has been established, use the methods in
the HttpSession interface to examine session properties, and
the methods in the HttpServletRequest interface to examine
request properties that relate to the session.
HttpSession Method Description
getCreationTime() Returns the session time in milliseconds since January 1,
1970, 00:00:00 GMT.
getId() Returns the assigned session identifier. An HTTP session's
identifier is a unique string that is created and maintained
by the server.
getLastAccessedTime() Returns the last time the client sent a request carrying the
assigned session identifier (or -1 if it’s a new session) in
milliseconds since January 1, 1970, 00:00:00 GMT.
isNew() Returns a Boolean value indicating if the session is new. It’s
a new session if the server has created it and the client has
not sent a request to it. This means the client has not
acknowledged or joined the session and may not return the
correct session identification information when making its
next request.
5. Contd…
HttpServletRequest Method Description
getRequestedSessionId() Returns the session ID specified with the request. This may
differ from the session ID in the current session if the session
ID given by the client is invalid and a new session was
created. Returns null if the request does not have a session
associated with it.
isRequestedSessionIdValid() Checks if the request is associated to a currently valid
session. If the session requested is not valid, it is not
returned through the getSession() method.
isRequestedSessionIdFromCookie() Returns true if the request's session ID provided by the client
is a cookie, or falseotherwise.
isRequestedSessionIdFromURL() Returns true if the request's session ID provided by the client
is a part of a URL, or false otherwise.
6. Binding Data to a Session
HttpSession Method Description
getAttribute() Returns the object bound to a given name in the session, or
null if there is no such binding.
getAttributeNames() Returns an array of names of all attributes bound to the
session.
setAttribute() Binds the specified object into the session with the given
name. Any existing binding with the same name is
overwritten. For an object bound into the session to be
distributed it must implement the serializable interface.
removeAttribute() Unbinds an object in the session with the given name. If
there is no object bound to the given name, this method
does nothing.
7. Invalidating a Session
• Direct the session to invalidate itself automatically after being
inactive for a defined time period.
• Alternatively, invalidate the session manually with
the HttpSession method invalidate().
Invalidating a Session Manually
• To invalidate a session manually, simply call the following
method:
• session.invalidate();
• All objects bound to the session are removed.
8. Setting a Session Timeout
In Web.xml Session Configuration
<session-config>
<session-timeout>30</session-timeout>
</session-config>