2

Inside filter I am trying to set one attribute to the current http session. Then I am redirecting to another resource using response.sendRedirect(). The resource sends the request back to the filter. Second time the session losses the session attribute.

Please provide some pointer.

First Request is as below:

HttpSession objSession = request.getSession(true);
objSession.setAttribute("wasRequestURL", completeURL);

Second request is as below:

if (null != objSession.getAttribute("wasRequestURL") && 
    !"".equals(objSession.getAttribute("wasRequestURL").toString().trim())) {

    requestedURL = objSession.getAttribute("wasRequestURL").toString();

    logger.info("The session value for wasRequestURL is :::"+requestedURL);
}
Liam
  • 1,041
  • 2
  • 17
  • 31
Sashikant
  • 97
  • 1
  • 4
  • 13

3 Answers3

0

Most likely you are loosing your first session object in between. This can be verified by using 

HttpSession objSession=request.getSession(false);//don't create session when absent

in your second request. I am almost sure, it will return null since your first session is lost. If so, please investigate your mechanism/configuration created around the session.

Yogendra Singh
  • 33,927
  • 6
  • 63
  • 73
  • 1
    I agree to the point that session is not shared. I even tried to store the info in cookie.But likewise I am loosing the cookie info during redirection. Please suggest any other means(other than Database) which would persist some information during multiple redirection. – Sashikant Nov 16 '12 at 17:55
  • @Sashikant How are you redirecting? – Yogendra Singh Nov 16 '12 at 17:57
  • response.sendRedirect("some url to another server"); – Sashikant Nov 16 '12 at 17:59
  • @Sashikant: Did you try basic behavior first i.e. `request->response->request` is maintaining the session? – Yogendra Singh Nov 16 '12 at 18:25
0
  1. Check your session expiration time. It may be set too low.
  2. Are you using a cookie-aware client like a web-browser or a more low-level client which may not be storing cookies?
  3. When you say "redirecting to another resource", do you mean another web container/server? If so, unless you have replication enabled, the session will not be available on the second request.
Peter Cetinski
  • 2,328
  • 14
  • 8
  • 1. The filter is deployed inside a portal container. The session expiration time is set to 60 minutes. 2. Yes I am using latest version of Safari which is a cookie aware client. 3. I am redirecting to another server for authentication. – Sashikant Nov 15 '12 at 23:09
  • 1
    Sessions are not shared between servers. They're not even shared between applications on the same server. So obviously, the authentication server desn't know anything about your initial server's session. And why would it? Suppose you redirect to google.com. Would you expect google to know about your session? – JB Nizet Nov 16 '12 at 06:50
  • I agree to the point that session is not shared. I even tried to store the info in cookie.But likewise I am loosing the cookie info during redirection. Please suggest any other means(other than Database) which would persist some information during multiple redirection. – Sashikant Nov 16 '12 at 17:54
0

I had the same issue and tore my hair out looking for the best solution. Try putting sessionCookiePath="/" attribute into your context.xml root node:

<Context ... sessionCookiePath="/" > ... </Context>

This will set the path of your session cookie to the root of your app so that it will be passed on redirect. This simple fix worked for me, hope it works for anyone else having this issue years later.

skoooozy
  • 33
  • 6
  • Your answer could be improved with additional supporting information. Please [edit] to add further details, such as citations or documentation, so that others can confirm that your answer is correct. You can find more information on how to write good answers [in the help center](/help/how-to-answer). – Community Dec 15 '21 at 00:54
  • This does not really answer the question. If you have a different question, you can ask it by clicking [Ask Question](https://stackoverflow.com/questions/ask). To get notified when this question gets new answers, you can [follow this question](https://meta.stackexchange.com/q/345661). Once you have enough [reputation](https://stackoverflow.com/help/whats-reputation), you can also [add a bounty](https://stackoverflow.com/help/privileges/set-bounties) to draw more attention to this question. - [From Review](/review/late-answers/30589231) – Saman Salehi Dec 15 '21 at 05:49