Menu
I have a servlet which handles a multipart form post. The post is actually being made by a Flash file upload component embedded in the page. In some browsers, the Flash-generated POST doesn't include the JSESSIONID which is making it impossible for me to load certain information from the session during the post.
The flash upload component does include cookie and session information within a special form field. Using this form field, I can actually retrieve the JSESSIONID value. The problem is, I don't know how to use this JSESSIONID value to manually load that specific session.
Edit - Based on ChssPly76's solution, I created the following HttpSessionListener implementation:
@Override public void sessionCreated(final HttpSessionEvent se) { final HttpSession session = se.getSession(); final ServletContext context = session.getServletContext(); context.setAttribute(session.getId(), session); } @Override public void sessionDestroyed(final HttpSessionEvent se) { final HttpSession session = se.getSession(); final ServletContext context = session.getServletContext(); context.removeAttribute(session.getId()); } Which adds all sessions to the ServletContext as attributes mapped by their unique ids. I could put a Map of sessions in the context instead, but it seems redundant. Please post any thoughts on this decision. Next, I add the following method to my servlet to resolve the session by id:
private HttpSession getSession(final String sessionId) { final ServletContext context = getServletContext(); final HttpSession session = (HttpSession) context.getAttribute(sessionId); return session; } 
748
JSESSIONID is a cookie generated by Servlet containers and used for session management in J2EE web applications for HTTP protocol. If a Web server is using a cookie for session management, it creates and sends JSESSIONID cookie to the client and then the client sends it back to the server in subsequent HTTP requests.
To use a session, first create a session using the HttpServletRequest method getSession(). Once the session is established, examine and set its properties using the provided methods. If desired, set the session to time out after being inactive for a defined time period, or invalidate it manually.
JSESSIONID is a cookie in J2EE web application which is used in session tracking. Since HTTP is a stateless protocol, we need to use any session to remember state. JSESSIONID cookie is created by web container and send along with response to client.
There is no API to retrieve session by id.
What you can do, however, is implement a session listener in your web application and manually maintain a map of sessions keyed by id (session id is retrievable via session.getId()). You will then be able to retrieve any session you want (as opposed to tricking container into replacing your current session with it as others suggested)
89
A safe way to do it is to set the jsession id in the cookie - this is much safer than setting it in the url.
Once it is set as a cookie, then you can retrieve the session in the normal way using
request.getSession(); method.setRequestHeader("Cookie", "JSESSIONID=88640D6279B80F3E34B9A529D9494E09"); If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
