Update or create a session in only one frame or before accessing any frame sets. For example, assuming there is no session already associated with the browser and a user accesses a multiframed JSP files, the browser issues concurrent requests for the JSP files. Because the requests are not part of any session, the JSP files end up creating multiple sessions and all the cookies are sent back to the browser. The browser honors only the last cookie that arrives. Therefore, the client can only retrieve the session associated with the last cookie. Creating a session before accessing multiframed pages that utilize JSP files is recommended.
JSPs will, be default, create an HttpSession if it does not already exist. A developer can use <% @page session="false" %> to turn off the automatic session creation from the JSP files that will not access the session. Then if the page needs access to the session information, the developer can use <% HttpSession session = HttpServletRequest.getSession(false); %> to get the already existing session that was created by the original session creating JSP file. This action helps prevent breaking session affinity on the initial loading of the frame pages.
Subscribe to:
Post Comments (Atom)
No comments:
Post a Comment