Examining Session Properties (Sun Java System Web Server 6.1 SP7 Programmer's Guide to Web Applications)

Sun Java System Web Server 6.1 SP7 Programmer's Guide to Web Applications

Examining Session Properties

Once a session ID has been established, use the methods in the HttpSession interface to examine session properties, and the methods in the HttpServletRequest interface to examine request properties that relate to the session.

The following table shows the methods used to examine session properties. The left column lists HttpSession methods, and the right column lists descriptions of these methods.

Table 4–1 HttpSession Methods


HttpSession Method	Description
`getCreationTime()`	Returns the session time in milliseconds since January 1, 1970, 00:00:00 GMT.
`getId()`	Returns the assigned session identifier. An HTTP session's identifier is a unique string that is created and maintained by the server.
`getLastAccessedTime()`	Returns the last time the client sent a request carrying the assigned session identifier (or `-1` if it’s a new session) in milliseconds since January 1, 1970, 00:00:00 GMT.
`isNew()`	Returns a Boolean value indicating if the session is new. It’s a new session if the server has created it and the client has not sent a request to it. This means the client has not acknowledged or joined the session and may not return the correct session identification information when making its next request.

For example:

String mySessionID = mySession.getId();
     if ( mySession.isNew() ) {
         log.println(currentDate);
        log.println("client has not yet joined session " + mySessionID);
     }

The following table shows the methods used to examine servlet request properties. The left column lists HttpServletRequest methods, and the right column lists descriptions of these methods.

Table 4–2 HttpServletRequest Methods


HttpServletRequest Method	Description
`getRequestedSessionId()`	Returns the session ID specified with the request. This may differ from the session ID in the current session if the session ID given by the client is invalid and a new session was created. Returns null if the request does not have a session associated with it.
`isRequestedSessionIdValid()`	Checks if the request is associated to a currently valid session. If the session requested is not valid, it is not returned through the `getSession()` method.
`isRequestedSessionIdFromCookie()`	Returns `true` if the request's session ID provided by the client is a cookie, or `false` otherwise.
`isRequestedSessionIdFromURL()`	Returns `true` if the request's session ID provided by the client is a part of a URL, or `false` otherwise.

For example:

if ( request.isRequestedSessionIdValid() ) {
        if ( request.isRequestedSessionIdFromCookie() ) {
           // this session is maintained in a session cookie
         }
        // any other tasks that require a valid session
      } else {
        // log an application error
      }