jsp's understanding of request.getSession of false (with a bug that programmers often overlook)
- 2020-05-09 19:03:26
- OfStack
【 previous words 】
On the Internet, I often see people raise questions about request.getSession (false), and I was also confused for the first time. I read J2EE1.3 API, and then I read the explanation of J2EE1.3 API on the official website.
[official explanation]
getSession
public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this method returns null.
To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
Parameters: true - to create a new session for this request if necessary; false to return null if there's no current session
Returns: the HttpSession associated with this request or null if create is false and the request has no valid session
Translation:
getSession(boolean create) means to return HttpSession in the current reqeust, if HttpSession in the current reqeust is null, when create is true, create a new Session, otherwise return null;
In short:
HttpServletRequest.getSession (ture) is the same thing as HttpServletRequest.getSession ()
HttpServletRequest. getSession(false) is equivalent to null if Session is not currently Session;
【 question and bug】
Many of my colleagues wrote this;
It is important to note that request.getSession () is equivalent to request.getSession (true). request.getSession (false) should be used unless we are sure that session1 exists or sesson does not. When using the request.getSession () function, it is usually in action to check if a variable/token is stored in session. There may be no session in this scenario. The normal judgment would be as follows:
【 opportunistic 】 :
If Spring is used in the project (Spring is a good choice as long as it is a larger project of Java), the operation of session is much more convenient. If you need in Session values, can use WebUtils tools (org. springframework. web. util. WebUtils) of getSessionAttribute (HttpServletRequest request, String name) method, see written master source: ha ha..
Note: Assert is a tool in the Spring toolkit that is used to judge some validation operations. In this case, it is used to determine whether reqeust is empty or not. If it is empty, throw an exception.
The above code can be concise 1, see:
Source: http: / / blog. csdn. net/xxd851116
On the Internet, I often see people raise questions about request.getSession (false), and I was also confused for the first time. I read J2EE1.3 API, and then I read the explanation of J2EE1.3 API on the official website.
[official explanation]
getSession
public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, if if there is no current session and create is true, returns a new session.
If create is false and the request has no valid HttpSession, this method returns null.
To make sure the session is properly maintained, you must call this method before the response is committed. If the container is using cookies to maintain session integrity and is asked to create a new session when the response is committed, an IllegalStateException is thrown.
Parameters: true - to create a new session for this request if necessary; false to return null if there's no current session
Returns: the HttpSession associated with this request or null if create is false and the request has no valid session
Translation:
getSession(boolean create) means to return HttpSession in the current reqeust, if HttpSession in the current reqeust is null, when create is true, create a new Session, otherwise return null;
In short:
HttpServletRequest.getSession (ture) is the same thing as HttpServletRequest.getSession ()
HttpServletRequest. getSession(false) is equivalent to null if Session is not currently Session;
【 question and bug】
Many of my colleagues wrote this;
HttpSession session = request.getSession(); // a new session created if no session exists . Ha ha! Finished! if session If it doesn't exist, you create it 1 A!!!!
String user_name = session.getAttribute("user_name");
It is important to note that request.getSession () is equivalent to request.getSession (true). request.getSession (false) should be used unless we are sure that session1 exists or sesson does not. When using the request.getSession () function, it is usually in action to check if a variable/token is stored in session. There may be no session in this scenario. The normal judgment would be as follows:
HttpSession session = request.getSession(false);
if (session != null) {
String user_name = session.getAttribute("user_name");
}
【 opportunistic 】 :
If Spring is used in the project (Spring is a good choice as long as it is a larger project of Java), the operation of session is much more convenient. If you need in Session values, can use WebUtils tools (org. springframework. web. util. WebUtils) of getSessionAttribute (HttpServletRequest request, String name) method, see written master source: ha ha..
/**
* Check the given request for a session attribute of the given name.
* Returns null if there is no session or if the session has no such attribute.
* Does not create a new session if none has existed before!
* @param request current HTTP request
* @param name the name of the session attribute
* @return the value of the session attribute, or <code>null</code> if not found
*/
public static Object getSessionAttribute(HttpServletRequest request, String name) {
Assert.notNull(request, "Request must not be null");
HttpSession session = request.getSession(false);
return (session != null ? session.getAttribute(name) : null);
}
Note: Assert is a tool in the Spring toolkit that is used to judge some validation operations. In this case, it is used to determine whether reqeust is empty or not. If it is empty, throw an exception.
The above code can be concise 1, see:
HttpSession session = request.getSession(false);
String user_name = WebUtils.getSessionAttribute(reqeust, "user_name");
Source: http: / / blog. csdn. net/xxd851116