Expand my Community achievements bar.

Enhance your AEM Assets & Boost Your Development: [AEM Gems | June 19, 2024] Improving the Developer Experience with New APIs and Events
SOLVED

Create a user specific HTTP session

Avatar

Level 5

I need to create an HTTP session.

 

Issue -> If I'm hitting the servlet using two different query params, it is not creating two different sessions. For the first request, a new session is created, but for second request, session.isNew() is returning false with same session ID. What can be the issue?

HttpSession userSession = request.getSession();
LOGGER.info("User session is {}", userSession.getId());
LOGGER.info("User session is new {}", userSession.isNew());
1 Accepted Solution

Avatar

Correct answer by
Community Advisor

A session starts when the user requests for the first page. The session will be same for subsequent requests in the same browser. New session will be created only if the user hasn’t requested any pages for a given amount of time (timeout) or user logged out from the system or request from new browser.

HttpSession getSession() - This method always returns a HttpSession object. It returns the session object attached with the request, if the request has no session attached, then it creates a new session and return it.

If you want to invalidate current session, you can invalidate a session like this:

request.getSession(false).invalidate();

Reference: https://www.digitalocean.com/community/tutorials/java-session-management-servlet-httpsession-url-rew...

View solution in original post

3 Replies

Avatar

Correct answer by
Community Advisor

A session starts when the user requests for the first page. The session will be same for subsequent requests in the same browser. New session will be created only if the user hasn’t requested any pages for a given amount of time (timeout) or user logged out from the system or request from new browser.

HttpSession getSession() - This method always returns a HttpSession object. It returns the session object attached with the request, if the request has no session attached, then it creates a new session and return it.

If you want to invalidate current session, you can invalidate a session like this:

request.getSession(false).invalidate();

Reference: https://www.digitalocean.com/community/tutorials/java-session-management-servlet-httpsession-url-rew...

Avatar

Community Advisor

Hello @goyalkritika ,

It might be you are hitting the query params from the same browser. Please, try with a different browser window or from a different PC. This should not happen different requests get the same session.

Avatar

Employee

@goyalkritika 

By default, HTTP sessions in Java servlets are managed using cookies. When the server creates a new session for the first request, it sends a unique session ID to the client as a cookie. Subsequent requests from the same client should include this session ID in the request headers to maintain the same session. If your client is not sending the session ID cookie with the second request, the server will not recognize it as a new session and will associate it with the existing session.

Try using different browsers. it will work as expected.