Menu
I am facing very strange problem while developing JavaEE WEB Application.
Even after invalidating the HttpSession using session.invalidate();, I am not getting session null. There is a case where I have one statement in execution like below after invalidating session.
if (null != session && null != session.getAttribute("loginToken")){
//do something
}
I am not getting session null here so second condition will try to execute. And hence session is not null, so I am getting IllegalStateException - session is already invalidated. But why session is not null after invalidating it?? :(
212
Session invalidation means session destroying.So if session is destroyed,it indicates that server cant identify the client which has visited in previous.So now it creates a new session id for that client.
– Retrieve a session from “request. getSession(false);”, this function will return a session if existed , else a null value will return. – Later you can do a “null” checking with the session object, null means no existed session available.
Direct the session to invalidate itself automatically after being inactive for a defined time period. Alternatively, invalidate the session manually with the HttpSession method invalidate().
removeAttribute. Removes the object bound with the specified name from this session.
Calling session.invalidate() removes the session from the registry. Calling getSession(false) afterwards will return null (note that getSession() or getSession(true) will create a new session in this case, see HttpServletRequest API). Calling invalidate() will also remove all session attributes bound to the session. However if your code still has references to the session or any of its attributes then these will still be accessible:
// create session if none exists (default) and obtain reference
HttpSession session = request.getSession();
// add a session attribute
session.setAttribute("lollypop", "it's my party");
// obtain reference to session attribute
Object lollypop = session.getAttribute("lollypop");
// print session ID and attribute
System.out.println(session.getId());
System.out.println(lollypop);
session.invalidate();
// session invalidated but reference to it still exists
if (session == null) {
System.out.println("This will never happen!");
}
// print ID from invalidated session and previously obtained attribute (will be same as before)
System.out.println(session.getId());
System.out.println(lollypop);
// print 'null' (create=false makes sure no new session is created)
System.out.println(request.getSession(false));
Example output:
1k47acjdelzeinpcbtczf2o9t
it's my party
1k47acjdelzeinpcbtczf2o9t
it's my party
null
So far for the explanation. To solve your problem you should do:
HttpSession existingSession = request.getSession(false);
if (existingSession != null && existingSession.getAttribute("loginToken") != null){
//do something
}
If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!
Donate Us With
