tags:

views:

1719

answers:

3
+2  Q: 

How can I manually load a Java session using a JSESSIONID?

I have a servlet which handles a multipart form post. The post is actually being made by a Flash file upload component embedded in the page. In some browsers, the Flash-generated POST doesn't include the JSESSIONID which is making it impossible for me to load certain information from the session during the post.

The flash upload component does include cookie and session information within a special form field. Using this form field, I can actually retrieve the JSESSIONID value. The problem is, I don't know how to use this JSESSIONID value to manually load that specific session.

Edit - Based on ChssPly76's solution, I created the following HttpSessionListener implementation:

    @Override
    public void sessionCreated(final HttpSessionEvent se) {
     final HttpSession session = se.getSession();
     final ServletContext context = session.getServletContext();
     context.setAttribute(session.getId(), session);
    }

    @Override
    public void sessionDestroyed(final HttpSessionEvent se) {
     final HttpSession session = se.getSession();
     final ServletContext context = session.getServletContext();
     context.removeAttribute(session.getId());
    }

Which adds all sessions to the ServletContext as attributes mapped by their unique ids. I could put a Map of sessions in the context instead, but it seems redundant. Please post any thoughts on this decision. Next, I add the following method to my servlet to resolve the session by id:

    private HttpSession getSession(final String sessionId) {
     final ServletContext context = getServletContext();
     final HttpSession session = (HttpSession) context.getAttribute(sessionId);
     return session;
    }
A: 

That's not possible. What you need to do is construct the URL with the JSESSIONID in it like so:

/some/path;jsessionid=1234abcd?arg1=val1&arg2=val2

This will allow you to retrieve the session like usual using request.getSession().

Taylor Leese  2009-09-30 17:38:22
A: 

There is no way within the servlet spec, but you could try:

  • manually setting the cookie in the request made by Flash

  • or doing as Taylor L just suggested as I was typing and adding the jsessionid parameter the path of the URI.

Both methods will tie your app to running on a servlet container that behaves like Tomcat; I think most of them do. Both will also require your Flash applet asking the page for its cookies, which may impose a JavaScript dependency.

Andrew Duffy  2009-09-30 17:40:23
+2  A: 

There is no API to retrieve session by id.

What you can do, however, is implement a session listener in your web application and manually maintain a map of sessions keyed by id (session id is retrievable via session.getId()). You will then be able to retrieve any session you want (as opposed to tricking container into replacing your current session with it as others suggested)

ChssPly76  2009-09-30 17:42:50
This is clever.
Andrew Duffy  2009-09-30 17:46:32
My only concern with this is the human error portion where you will have a developer introduce some code using request.getSession() rather than using the map of session id's. I believe the "simpler" solution is to construct the URL appropriately.
Taylor Leese  2009-09-30 17:48:51
Two ways I can imagine the servlet asking the listener for the session map: listener is a singleton, or placing the map in the ServletContext
rcampbell  2009-09-30 18:04:53
Your listener is going to be a singleton without you having to hold on to its instance in a static variable - simply because you'll only ever declare it once in the web.xml. How do you communicate between said listener and your servlet is up to you - you can make it a "true" singleton; you can inject it into session during event handling or you can use some shared space (servlet context won't help as it's not accessible from the listener)
ChssPly76  2009-09-30 19:11:15
How about using a Filter to wrap every ServletRequest and replace getSession with an implementation that checks for a session id supplied by Flash, looks up the session from the map built by the SessionListener, and defers to the wrapped request's implementation if either the Flash parameter or the referenced session isn't present.
Andrew Duffy  2009-10-01 09:25:24

related questions

Java Time Zone is messed up
Eclipse on win64
Automate builds for Java RCP for deployment with JNLP
Why are professors or schools picking Java over C++ to teach to students?
Is there a real benefit of using J#?
Public/Popular Websites using JavaServer Faces
Why can't I use a try block around my super() call?
Accessing post variables using Java Servlets
Personal Linux web server
Is this really widening vs autoboxing?
How can I Java webstart multiple, dependent, native libraries?
Why can't I call toString() on a Java primitive?
How do I use Java to read from a file that is actively being written?
What code analysis tools do you use for your Java projects?
IllegalArgumentException or NullPointerException for a null parameter?
How do I configure and communicate with a serial port?
What is the best way to parse strings in Java
Getting started with a custom JXTA PeerGroup
Creating a custom button in Java
How to get started "writing" a code coverage tool?
Which Build-/Configuration Management Tool?
What is the difference between an int and an Integer in Java/C#?
What is the meaning of the type safety warning in certain Java generics casts?
How would you access Object properties from within an object method?
Converting CSV File to XML in Java