httprequest.getsession is returning null

Question

I have written one filter which would invalidate current session and create new session and copy attributes of old session into new session. This is working fine in tomcat5 and jdk 1,4 but when i switched it to tomcat6 and jdk 1.6 once the filter is running then for next request httprequest.getsession(false ) is null. Why its behaving differently in tomcat 6 . Please help. here is the code snippet

public void doFilter(ServletRequest request, ServletResponse response,
                        FilterChain chain) throws IOException, ServletException 
                        { 
        HttpServletRequest httpRequest = (HttpServletRequest) request;
        System.out.println("within GenerteNewSessionFilter");
        System.out.println("within GenerteNewSessionFilter getRequestURI"+httpRequest.getRequestURI());
        System.out.println("within GenerteNewSessionFilter getRequestURL"+httpRequest.getRequestURL());

        System.out.println("within GenerteNewSessionFilter session false"+httpRequest.getSession(false));

        String reqUrl=httpRequest.getRequestURL().toString();
        if (reqUrl==null){
            reqUrl="";
        }
        int idxLogin=reqUrl.indexOf("LoginSubmit.jsp");
        int idxReg=reqUrl.indexOf("RegistrationSubmit.jsp");
        int idxErr=reqUrl.indexOf("Error");

    int idxSave=-1;
    System.out.println("within GenerteNewSessionFilter reqUrl "+reqUrl);
    System.out.println("within GenerteNewSessionFilter idxLogin index"+idxLogin);
    System.out.println("within GenerteNewSessionFilter idxReg index"+idxReg);
    System.out.println("within GenerteNewSessionFilter idxErr index"+idxErr);

    if (httpRequest.getSession(false) != null  &&  (idxLogin >0 || idxReg >0) && idxErr <0 ){
      //copy session attributes from old session to a map. 
        System.out.println("copy session attributes from old session to a map");
        HttpSession session = httpRequest.getSession();

      HashMap old=new HashMap();
      Enumeration keys = (Enumeration) session.getAttributeNames();
      while (keys.hasMoreElements()) {
        String key = (String) keys.nextElement();

       old.put(key, session.getAttribute(key));
          session.removeAttribute(key);


      }
      System.out.println("old  session id  "+session.getId());

      //invalidate session and create new session.
      session.invalidate();
      //create new session
      session = httpRequest.getSession(true);

      //copy session attributes from map session to new session
      Iterator it = old.entrySet().iterator(); //iterator
      while (it.hasNext()) {
          Map.Entry pairs = (Map.Entry)it.next();
          //putitng old attributes in to new session
          session.setAttribute((String) pairs.getKey(), pairs.getValue());

      }//end while loop
          System.out.println("end copy  session attributes");
          System.out.println("new session id status "+httpRequest.getSession(false));
          System.out.println("final new   session session id  "+session.getId());
    }
    chain.doFilter(request, response);
    }
      public void init(FilterConfig filterConfig) throws ServletException {


    }

}

score 2 · Answer 1 · answered Sep 04 '14 at 12:18

2

The javadoc of HttpServletRequest.getSession(boolean create) clearly states that if you pass a false value to its parameter, it will only return the HttpSession if there is one existing already. If there is no session associated with the request, it will return null.

So if you invalidate your current session, obviously calling request.getSession(false) in your next request will return null.

If you want to create a new session after invalidating the current one, then use: request.getSession(true) or more simply: request.getSession().

answered Sep 04 '14 at 12:18

icza

389,944
63
907
827

after invalidating it i am creating a new session – aru Sep 04 '14 at 12:39
and copying the old attributes in to new session.see the above code. i created filer only for login submit action . code is working well in tomcat 5 but in tomcat 6 its setting session null after filter is executed , its loosing all the contents. – aru Sep 04 '14 at 12:42
Have you tried using `request.getSession()` instead of `request.getSession(true)`? – icza Sep 04 '14 at 12:57
would it make any difference ? because code till filter is working well.but once the page is redirected to home page from login page , http session is returning null. – aru Sep 04 '14 at 13:00
It shouldn't but please try. – icza Sep 04 '14 at 13:01
i tried it It did not made any difference. the whole code is working fine in tomcat5 but not in tomcat 6.The moment request is forwarded to home.jspfrom loginsubmit action session is getting set to null – aru Sep 05 '14 at 06:59
could you help me how should i proceed now – aru Sep 05 '14 at 12:05

Eshwar Iyer · Answer 2 · 2017-11-04T14:51:37.027

I faced a similar issue in 7.0.82. In 7.0.57 the httpRequest.getSession(false) returned a session (the session was already created), but in 7.0.82, it was returning null. Absolutely no code change, only the tomcat was upgraded.

I was able to resolve this by adding the JsessionId cookie manually.

HttpSession session = request.getSession(false);
Cookie userCookie;
if (request.getParameter("JSESSIONID") != null) {
    userCookie = new Cookie("JSESSIONID", 
    request.getParameter("JSESSIONID"));
} else {
String sessionId = session.getId();
userCookie = new Cookie("JSESSIONID", sessionId);
}
response.addCookie(userCookie);

Beware that `request.getSession(false)` can return null, so your solution can throw a nullPointerException — Abdullah Ahçı, Jul 16 '19 at 08:09

httprequest.getsession is returning null

2 Answers2

Related