Why session is not null after session.invalidate()

2020-02-09 10:42发布

站内问答 / Java
1637 3 5

I am facing very strange problem while developing JavaEE WEB Application.

Even after invalidating the HttpSession using session.invalidate();, I am not getting session null. There is a case where I have one statement in execution like below after invalidating session.

if (null != session && null != session.getAttribute("loginToken")){
   //do something
}

I am not getting session null here so second condition will try to execute. And hence session is not null, so I am getting IllegalStateException - session is already invalidated. But why session is not null after invalidating it?? :(

3条回答
forever°为你锁心
2楼-- · 2020-02-09 10:59

The invalidate method does the following (from API):

Invalidates this session then unbinds any objects bound to it.

It says nothing about the HttpSession-object itself, but invalidates the session's variables. If you call a method of a class, it is impossible for the object to be null after that method call. If your session should be null afterwards, the method must include a line that looks something like: this = null; which would not be possible. Throwing an exception for an invalidated session is the prefered way to do it.

查看更多
0人赞 添加讨论(0) 举报
家丑人穷心不美
3楼-- · 2020-02-09 11:05

Calling session.invalidate() removes the session from the registry. Calling getSession(false) afterwards will return null (note that getSession() or getSession(true) will create a new session in this case). Calling invalidate() will also remove all session attributes bound to the session. However if your code still has references to the session or any of its attributes then these will still be accessible:

    // create session if none exists (default) and obtain reference
    HttpSession session = request.getSession();

    // add a session attribute
    session.setAttribute("lollypop", "it's my party");

    // obtain reference to session attribute 
    Object lollypop = session.getAttribute("lollypop");

    // print session ID and attribute
    System.out.println(session.getId());
    System.out.println(lollypop);

    session.invalidate();

    // session invalidated but reference to it still exists
    if (session == null) {            
        System.out.println("This will never happen!");
    }

    // print ID from invalidated session and previously obtained attribute (will be same as before)
    System.out.println(session.getId());
    System.out.println(lollypop);

    // print 'null' (create=false makes sure no new session is created)
    System.out.println(request.getSession(false));

Example output:

1k47acjdelzeinpcbtczf2o9t
it's my party
1k47acjdelzeinpcbtczf2o9t
it's my party
null

So far for the explanation. To solve your problem you should do:

HttpSession existingSession = request.getSession(false);
if (existingSession != null && existingSession.getAttribute("loginToken") != null){
   //do something
}
查看更多
0人赞 添加讨论(0) 举报
疯言疯语
4楼-- · 2020-02-09 11:07

Try passing false as the parameter to the getSession(boolean) . This will give back a session if it exists or else it will return null.

HttpSession session = request.getSession(false);
if(session==null || !request.isRequestedSessionIdValid() )
{
    //comes here when session is invalid.

}
查看更多
0人赞 添加讨论(0) 举报
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(5)