check if session is valid or not in servlet

Question

/****NOTE****/ in WEB.XML file I am setting session timeout property, so may be session is expired. /************/

I am using HttpSession object to manage session

HttpSesion session = myPersonalMethodThatReturnHttpSessionObject();

//I am using Eclipse and it provide me following details in Debug view I put Image Below

//so how can i get value of isValid field or method so here i can put in if condition

if(session != null)
{
    //removing attributes from session 
}

/*************************************More Description*******************************************/

My Problem is... note1 --> session timeout is 30 min.

Step1  some one login my web apllication
Step2  session is created.
Step3  if user close web application without signout
Step4  all session attribute is there 
Step5  if another user try to login.
Step6  I try to remove all session attribute and store new attribute value.
Step7  Above functionality work properly but, while session is invalidate can't remove session     attribute so i need to put condition in if session is valid that remove attribute else do nothing so I need to check session is valod or not. 

Answer 1

Based on your update, your login process should be as follows:

HttpSession session = request.getSession(false);  // returns null if no session or session is invalid
if(session != null) {
    // you have old session
    session.invalidate();  // invalidate session - this will remove any old attrs hold in the session
}
// create new session
session = request.getSession(); // creates new empty session
....

You cannot get the isValid field directly. The request.getSession(false) is using it and will return null , if current session is invalid. If session is already invalid you don't have to remove attributes, since they already have been removed and session is inaccessible any more.

Answer 2

you should create an concrete class which implement javax.servlet.http.HttpSessionListener and add your code into its two callback methods:

public interface HttpSessionListener extends java.util.EventListener {
   void sessionCreated(javax.servlet.http.HttpSessionEvent httpSessionEvent);

   void sessionDestroyed(javax.servlet.http.HttpSessionEvent httpSessionEvent);
}

remember to register your listener in web.xml!

Answer 3

Since you are seeing isValid=false , I guess your session has become invalid/timedout.

You should be calling HttpSession session = request.getSession(true); or HttpSession session = request.getSession(); to always get the valid session.

The method request.getSession(true) will ensure that it will create a new session if the current session is invalid. If the current session is valid, it will return the same.

The method request.getSession(); by default calls request.getSession(true); .

Answer 4

You create session with HttpServletRequest object as follows.

HttpSession session = httpServletRequest.getSession();

This will give you new session if one is not already created or return existing session object.

Answer 5

somewhere in you method myPersonalMethodThatReturnHttpSessionObject() add the following line

HttpSession session = request.getSession(false); 

This will help you to find valid session.