#1
  1. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2003
    Posts
    7
    Rep Power
    0

    When to remove session attribute when a session last through several servlets


    Hello everyone,

    The whole scenario is described as following:

    First a user logged in to a website, as usual he comes to the main page. The main page has several links , each of which links to different servlet (application). That means during a user's session, he will interact with several servlets(applications).
    Now I am writing one of these applications, which will have several jsp pages, I want to share some parameters between those pages, then session is a good place to store them. But these parameters are only to be used in my application, after the user goes back to the home page clicking to the other application,
    he won't need those information any more.

    But now I can not come up a good idea when to remove those attributes from session. Cause if I put "session.removeAttribute()" in jsp page, you don't know if user will visit the same page again. Maybe I should put some logic in the "home" link, when he
    wants to go back to homepage, that means he wants to leave my application for a while, then I can delete the session attribute I put during my application.

    Did anyone meet the same problem before ?

    Thanks,

    Rachel
  2. #2
  3. No Profile Picture
    Clueless llama
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Feb 2001
    Location
    Lincoln, NE. USA
    Posts
    2,353
    Rep Power
    117
    This is a common question in using sessions - when and if to get rid of sesson variables. It also strikes upon the non-linear navigation method of web apps. Since it is near impossible to force an entry and exit point for a web app, it is near impossible to judge when a user has "left" your application.

    Is it possible that the user will go to the home page and then return to your "app" in a relatively short time? If so I would just leave the session variables in memory. As a rule, you should not put large amounts of data in the session anyway. This is memory wasteful and can significantly slow down the server for all involved. If you follow this rule, then the small amount of info you have in the session should not pose a problem.

    I am assuming you do not have access to change the home page. If you do and really want to 'cleanse' the session, then doing a session.invalidate() will remove everything and start with a clean slate. The problem with merely changing the "home" links on your apps pages is that a user can use the back button to get back to the home page, bypassing your workaround.

    Lastly, I want to confirm your meaning of "application". When you say that the home page has links to several applications, are these simply a servlet(s) and some jsp's that you create and work together, but share a common context? What I mean by this is, is your "application" and the other applications in the same web app? Do they have the same prefix (such as http://myHost.com/webapp/mystuff)?
    If they are in different web apps, then they will not share a session anyway. Your session variables and the session variables of the other web apps will be seperated. Here is a quote form the javadocs
    Session information is scoped only to the current web application (ServletContext), so information stored in one context will not be directly visible in another.
    If the method call request.getContextPath() returns something different in your stuff than it does in the stuff the other people have written, you don'y have to worry about contaminating their sessions.

    Hope that helps
  4. #3
  5. No Profile Picture
    Junior Member
    Devshed Newbie (0 - 499 posts)

    Join Date
    Apr 2003
    Posts
    7
    Rep Power
    0
    Thanks for replying me. :-)

    They are independent applications, having different context paths. Then as you mentioned I do not have to worry about my session contaminating other sessions created by other applications. Thank you for helping me to clarify the concept.

    But I have one more question, if the user first entered to my application with session1, then he left to other applications, after some time, he came back to my application again
    with session2, would session1 and session2 be the same session or that depends on the session timeout interval ?

    Thanks a lot !

    Rachel
  6. #4
  7. No Profile Picture
    Clueless llama
    Devshed Regular (2000 - 2499 posts)

    Join Date
    Feb 2001
    Location
    Lincoln, NE. USA
    Posts
    2,353
    Rep Power
    117
    A users session will be active until it times out. They can leave your site for up to the timeout interval (normally 30 minutes), then their session will be invalidated by the app server. If they come back after the session times out, a new session will be made for them.

IMN logo majestic logo threadwatch logo seochat tools logo