In servlet: Given session-ID, how to retrieve session object?

[Robert Maas, see http://tinyurl.com/uh3t]

I'm writing a J2EE HttpServlet. The user logs in, gets a menu back,
then clicks on something in the menu to invoke some particular servlet
task. If cookies are enabled, the J2EE servlet container uses the
jsession (or something like that) cookie to retrieve the same old
session object on each HTTP connection. But if cookies aren't enabled,
a new session object is constructed on each new HTTP connection. But
within the form filled out by the user, there's a hidden field
containing the session ID, so even when cookies aren't enabled the
servlet knows the correct session ID and can perform stateless queries
for this user. The application stores login status in a table in a
database, so recognizing the session ID is valid, and from that knowing
which user is re-connecting, is no problem. Also for simple textual or
numeric data that needs to be retained from connection to connection,
storing the data, associated with the session-ID as a key, in the
database, is no problem. But what if I want to store a more complex
Java object in the session object and retrieve it upon
HTTP-reconnection? Is there any way the servlet can query the J2EE
servlet container to find out whether this known session-ID is
associated with any still-existing session object, and if so return
that session object so the servlet can then retrieve Java objects that
had been previously stored in it? I looked in the API spec for
HttpSession, HttpServlet and even HttpServletRequest, but I didn't find
any such method anywhere in there. Anybody know any such? I would hate
ot have to serialize an object and write the serialization as one
humungous varchar to a database, maybe broken into many pieces to fit
the maximum varchar allowed in CloudScape (here where I'm developing
the program) or MicroSoft ACCESS (on campus where I must demo it), or
write the serialization to a disk file in the system temporary
directory and put the filename in the database.

(Note, I'm using Java version 1.3.1 here, if that makes any difference.)
(and version 1.4.1 on campus, so whatever must work in both.)

 

[Neill]

message
2 thoughts come to mind,

1) URL rewriting should accomplish session retention, and is an accepted
practice. It sounds as though you are intentionally not requiring a valid
session. Since this appears to be the case, and since the problem appears to
be one of session persistence, you could

2) persist the session to a relational database as you've suggested. Does it
need to be a varchar, or can it be a BLOB, or CLOB?

I haven't ever attempted #2, but there's no reason you couldn't do it, and I
would be interested to know how it works out for you.

 

[Robert Maas, see http://tinyurl.com/uh3t]

URL rewriting should accomplish session retention, and is an accepted
practice.

Indeed at one point I manually explored the url rewriting features in
J2EE to get a feel for what they did, namely attach the
jsession=4392gijh3w0iochgtiuo4hgui0
(tag always the same, value is whatever the session ID was) after
question mark after the URL. I was thinking of doing something like
that to be consistent with the way J2EE works.

It sounds as though you are intentionally not requiring a valid
session.

I suspect the difference between J2EE (where I developed the servlet
and where I had no problems regarding session ID, always had it around)
and Tomcat (sans the rest of J2EE, where I tested the same servlet and
had the problem in certain cases such as when user typed user name and
password but was already logged in under another session ID). Perhaps
J2EE maintains sessions better than Tomcat by itself?

persist the session to a relational database as you've suggested.
Does it need to be a varchar, or can it be a BLOB, or CLOB?

I only slightly heard of those and never had a use for them, so I don't
even know whether they'd be available in a compatible way in both
CloudScape and MicroSoft ACCESS. If I were still working on servlets, I
might give them a try.