Menu
I want to get Java HttpSession by JSESSIONID. Is it possible? If yes, how?
518
Interface HttpSession. public interface HttpSession. Provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user. The servlet container uses this interface to create a session between an HTTP client and an HTTP server.
JSESSIONID is a cookie in J2EE web application which is used in session tracking. Since HTTP is a stateless protocol, we need to use any session to remember state. JSESSIONID cookie is created by web container and send along with response to client.
The JSESSIONID is used to ensure that loadbalancers properly route communications to and from the correct client/server partners. By default, Oracle Forms requests a JSESSIONID be generated and maintained in the URL of each exchange between the client and server.
You need to collect them all in a Map using a HttpSessionListener yourself.
public class HttpSessionCollector implements HttpSessionListener {
private static final Map<String, HttpSession> sessions = new HashMap<String, HttpSession>();
@Override
public void sessionCreated(HttpSessionEvent event) {
HttpSession session = event.getSession();
sessions.put(session.getId(), session);
}
@Override
public void sessionDestroyed(HttpSessionEvent event) {
sessions.remove(event.getSession().getId());
}
public static HttpSession find(String sessionId) {
return sessions.get(sessionId);
}
}
Just register it in web.xml as follows to run it:
<listener>
<listener-class>com.example.HttpSessionCollector</listener-class>
</listener>
Then, anywhere you want just do HttpSessionCollector.find(sessionId) to get the HttpSession in question.
That said, this is a huge smell. There are certainly better ways to solve the actual functional requirement than this ;) As I commented in your follow-up question:
This is the 2nd time that you asked a question which in real world should never be practiced. Honestly said, this all smells. What is it, the problem for which you think that getting the
HttpSessionassociated with JSESSONID in server side and getting the JSESSIONID value in client side is "the" solution? Elaborate about this in a new question, you'll get answers how to do it the right way.
Take it serious. We're not teasing you, we're just trying to help you in the right direction to avoid that your project/webapp will break due to security holes and bad practices and/or that you will get fired.
135
You can do it as per BalusC's answer, but the existence of such a facility is a prima facie security breach between different users. You shouldn't be building things like this into your application.
41
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
