request.getSession() is getting session or creating session?

Question

Just I gone through,

Under what conditions is a JSESSIONID created?

Till now I am in a impression that,

request.getSession()

Gives me the current session(giving,not creating) based upon the boolean passed to that method.Looks cool till here.

Now I read that

Session is created when your code calls request.getSession() or request.getSession(true) for the first time.

So ,If I'm not calling request.getSession() in my any of servlets, And those servlets are made to serve some static html pages (around 50),

1)There is no need of a session between the container and the client ?

2)If no how container is detecting(serving a html page) client ?any hidden info in headers other than the session id?

Answer 1

A HttpSession is not always required. This is the case, if the servlet is "stateless", and the information from the HTTP request is sufficient to fulfill the request.

So a HttpSession is not created, if you have servlets which do not call request.getSession().

Generally speaking the HttpSession is required, if the servlet has to detect if multiple requests come from the same client. For example to manage conversational state (like a shopping cart etc.) in a session attribute.

---

Example: telnet into a servlet which only returns a text/plain string: The text in bold has been typed in (that's the HTTP request)

$ telnet localhost 8080
Trying 127.0.0.1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET /xxx/textplainservlet/ HTTP/1.1
Host: localhost:8080

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Content-Type: text/plain;charset=ISO-8859-1
Content-Length: 13
Date: Fri, 06 Sep 2013 12:11:10 GMT

Hello, world

A sesion is not created in this case.

---

Example: A simple JSP which returns nothing but a static HTML content:

GET /xxx/hello.jsp HTTP/1.1
Host: localhost:8080

HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
X-Powered-By: JSP/2.2
Set-Cookie: JSESSIONID=n0cOaZFUvlXSvX7hNEfcNzHP.undefined; Path=/nk-eapp-ping-60-jpa
Content-Type: text/html;charset=ISO-8859-1
Content-Length: 49
Date: Fri, 06 Sep 2013 12:11:58 GMT

[... a HTML document ...]

In that case, a session is created, and the cookie is set, even if the JSP does not call request.getSession() explicitly!

Therefore I have attached a HttpSessionListener, and indeed, a session is created implicitly. In that listener I dumped a stack trace:

org.apache.catalina.session.StandardSession.tellNew(StandardSession.java:374)
org.apache.catalina.session.StandardSession.setId(StandardSession.java:344)
org.apache.catalina.session.ManagerBase.createSession(ManagerBase.java:506)
org.apache.catalina.session.StandardManager.createSession(StandardManager.java:297)
org.apache.catalina.connector.Request.doGetSession(Request.java:2665)
org.apache.catalina.connector.Request.getSession(Request.java:2375)
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:841)
org.apache.catalina.connector.RequestFacade.getSession(RequestFacade.java:852)
org.apache.jasper.runtime.PageContextImpl._initialize(PageContextImpl.java:146)
org.apache.jasper.runtime.PageContextImpl.initialize(PageContextImpl.java:124)
org.apache.jasper.runtime.JspFactoryImpl.internalGetPageContext(JspFactoryImpl.java:106)
org.apache.jasper.runtime.JspFactoryImpl.getPageContext(JspFactoryImpl.java:62)
org.apache.jsp.hello_jsp._jspService(hello_jsp.java:45)

These tests have been run using JBoss 7.

---

To check if a session is created or not, just re-test it in your environment using a HttpSessionListener:

@WebListener
public class MyHttpSessionListener implements HttpSessionListener {
    private final static Logger log = Logger
            .getLogger(MyHttpSessionListener.class.getName());

    public void sessionCreated(HttpSessionEvent e) {
        // Possibly create a stack trace here, and dump it
        log.info("Session created: " + e.getSession().getId() + ", timeout "
                + e.getSession().getMaxInactiveInterval());
    }

    public void sessionDestroyed(HttpSessionEvent e) {
        log.info("Session destroyed: " + e.getSession().getId());
    }
}

Answer 2

1)There is no need of a session between the container and the client ?

---> Not necessary if it is just html pages, for e.g. JavaDocs html pages, you do not need session to create.

2)If no how container is detecting(serving a html page) client ?any hidden info in headers other than the session id?

----> It is the URL and you map url with html page or you just keep your pages with public access. Here, if request is hit, tomcat will create thread, which will serve the request by writing the request page in response.

Take a look at HTTP Request header