Skip to content

Session attribute listener

July 25, 2008

Issues in it

When the user is clicking log out – a old session is removed okay?

And then a new session is started – when he relogins? but if the user is using the same login window then the new session is not created. The old session id is reused – but the attribute is rebinded to the session – so in the database the session id is being used as the unique key and this insertion fails.

Test Scenario

Can we test this with a simple jsp with two buttons of Login and Logout – that create and destroy the session on the same page?.And the attribute listener for the same?.

(A) – Meanwhile possible solution that came to my mind is to check before insertion if session id already exists? If it does – then – do not re-insert – but that is a problem since –

A  SID0000 Login ok,  Logout ok  Counter = 1

A SID0000 Error — in insertion (This user’s record cant be inserted and db shows wrong data!)

So while the logs show the user logging in and logging out. the database does not show this information.

So this solution is rejected.

(B) Tried to use EL – was getting error. Determined that it was because of old Doctype usage. Modified that  Was using the incorrect syntax in EL , Corrected that, pageContext.request.contextPath, instead of request.contextPath. Need to revise stuff from  http://java.boot.by/wcd-guide/ch07.html

Okay – for the same browser there after logging out – and logging in again – i have concluded it is the application which is not calling session.invalidate because of which the same session is being used.

Flaw in application? Need to confirm this behavior?.

Advertisements
No comments yet

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: