Create a user specific HTTP session | Community
Skip to main content
G
goyalkritika
Level 4
July 19, 2023
Solved

Create a user specific HTTP session

  • July 19, 2023
  • 3 replies
  • 1872 views

I need to create an HTTP session.

 

Issue -> If I'm hitting the servlet using two different query params, it is not creating two different sessions. For the first request, a new session is created, but for second request, session.isNew() is returning false with same session ID. What can be the issue?

HttpSession userSession = request.getSession(); LOGGER.info("User session is {}", userSession.getId()); LOGGER.info("User session is new {}", userSession.isNew());
This post is no longer active and is closed to new replies. Need help? Start a new post to ask your question.
Best answer by Mahedi_Sabuj

A session starts when the user requests for the first page. The session will be same for subsequent requests in the same browser. New session will be created only if the user hasn’t requested any pages for a given amount of time (timeout) or user logged out from the system or request from new browser.

HttpSession getSession() - This method always returns a HttpSession object. It returns the session object attached with the request, if the request has no session attached, then it creates a new session and return it.

If you want to invalidate current session, you can invalidate a session like this:

request.getSession(false).invalidate();

Reference: https://www.digitalocean.com/community/tutorials/java-session-management-servlet-httpsession-url-rewriting

3 replies

Mahedi_Sabuj
Community Advisor
Mahedi_SabujCommunity AdvisorAccepted solution
Community Advisor
July 19, 2023

A session starts when the user requests for the first page. The session will be same for subsequent requests in the same browser. New session will be created only if the user hasn’t requested any pages for a given amount of time (timeout) or user logged out from the system or request from new browser.

HttpSession getSession() - This method always returns a HttpSession object. It returns the session object attached with the request, if the request has no session attached, then it creates a new session and return it.

If you want to invalidate current session, you can invalidate a session like this:

request.getSession(false).invalidate();

Reference: https://www.digitalocean.com/community/tutorials/java-session-management-servlet-httpsession-url-rewriting

Mahedi Sabuj
    Sady_Rifat
    Community Advisor
    Sady_RifatCommunity Advisor
    Community Advisor
    July 19, 2023

    Hello @goyalkritika ,

    It might be you are hitting the query params from the same browser. Please, try with a different browser window or from a different PC. This should not happen different requests get the same session.

      Nishant-Singh
      Adobe Employee
      Nishant-SinghAdobe Employee
      Adobe Employee
      July 19, 2023

      @goyalkritika 

      By default, HTTP sessions in Java servlets are managed using cookies. When the server creates a new session for the first request, it sends a unique session ID to the client as a cookie. Subsequent requests from the same client should include this session ID in the request headers to maintain the same session. If your client is not sending the session ID cookie with the second request, the server will not recognize it as a new session and will associate it with the existing session.

      Try using different browsers. it will work as expected.

        Terms & ConditionsAccessibility statement

        Loading footer...