通常jsp编程中都是使用
HttpServletRequest.getSession()
但却忽略了一个问题,如果此用户session不存在,则会创建一个新的session。
可以看到官方解释:
/**
*Returns the current HttpSession associated with this request or, if if there
*is no current session and create is true, returns a new session.
*If create is false and the request has no valid HttpSession, this method
*returns null.
*To make sure the session is properly maintained, you must call this method
*before the response is committed. If the container is using cookies to maintain
*session integrity and is asked to create a new session when the response is
*committed, an IllegalStateException is thrown.
*Parameters: true - to create a new session for this request if necessary; false
*to return null if there's no current session
*Returns: the HttpSession associated with this request or null if create is
*false and the request has no valid session
*/
public HttpSession getSession(boolean create)
而
HttpServletRequest.getSession() == HttpServletRequest.getSession(ture)
HttpServletRequest.getSession(false) == 如果不存在则返回null
正确处理方式应该是:
使用HttpServletRequest.getSession(false)处理session。
HttpSession _session = HttpServletRequest.getSession(false);
if (_session != null) {
_session.getAttribute("xxx");
}