I am using Spring Web MVC, a REST API, and Angular 2 as the front end. I am creating a session in Spring using HttpSession. It sets the object in the session, but when I retrieve the session attribute, it returns null. Below is my code. Any help will be appreciated.

    @RequestMapping(value="/getSession", method=RequestMethod.GET)
    public @ResponseBody User getSession(HttpSession session, HttpServletRequest req){
        // session = req.getSession(false);
        User user = (User) session.getAttribute("name");
        // Check for null before dereferencing: getAttribute returns null
        // if nothing is bound under "name" in this session.
        if (user == null)
            return null;
        System.out.println("name " + user.getName());
        System.out.println("surname " + user.getSurname());
        System.out.println("address " + user.getAddress());
        return user;
    }

    @RequestMapping(value="userFormData.html", method=RequestMethod.POST)
    public String setUserForm(@ModelAttribute User user, HttpServletRequest ht, HttpSession session){
        // Create the session if none exists and store the submitted user in it
        HttpSession se = ht.getSession(true);
        se.setAttribute("name", user);
        String str = "Vikram";
        System.out.println("Name " + str);
        List<Address> ad = user.getAddress();
        System.out.println("User");
        // Read the attribute back within the same request
        User user1 = (User) se.getAttribute("name");
        System.out.println("SESSION :" + user1.getName());
        System.out.println("SESSION END :" + user1.getSurname());
        System.out.println(ad.size());
        return "user";
    }

Waquar

2 Answers

The best way to achieve what you are trying to do is to use session-scoped beans. This will let you create components on which you will be able to store state which, as the name suggests, will be preserved as long as the session is alive. Please refer to Spring's documentation for more details.

Lucas
  • So did you mean that the information that I want to store in the session will be stored in a bean which has session scope, and I access that information through the bean? – Vikram Pawar Aug 19 '17 at 14:37
  • @Lucas - can you please explain more on how we can pick the same user session on the server side by using session-scoped beans on subsequent requests, since multiple users getting logged into the system will result in multiple session-scoped beans. Do we have any uniqueness shared between client and server? – Clement Amarnath Aug 28 '17 at 10:32
My approach to maintaining a session in a RESTful services application.

RESTful services are stateless and hence in each request we need to send some unique identifier to the server as part of the header.

Client Side

  • Maintain an authorization token on the client side (Key - Common Key, Value - Unique value by which the client is identified). This authorization token should be received as part of the initial response from the server.
  • An ideal authorization token should contain information about the user and the validity of the session. The values in the token should be encrypted.
  • The token value should be initially obtained from the server. You can use an algorithm of your choice, but it should be a server-generated token.
  • In each RESTful service call, add this token as part of your request header, so as to enable the server side to identify the user.

Server side

  • On receipt of any request to your RESTful service, validate whether the request has a valid token. If a token is there, validate it; else create a new one and send it back as part of the response.

  • If the token is valid, then there are multiple ways to restore the user session (Session Bean, Cache using Map, HttpSession, DB persistence). To use any of these ways to get the session, you should pass a unique key to get the session of the user.

  • The key used to store and retrieve the session of the user should be unique, and it needs to be received in all of your RESTful service calls as part of the request header, since RESTful is stateless.

In general, maintaining a session in a RESTful application is not a good design, since RESTful is designed to be stateless.

A REST client needs no prior knowledge about how to interact with any particular application or server beyond a generic understanding of hypermedia.

REST-based architecture uses a stateless protocol for communication. In a stateless protocol, no information is retained either by client or server. If you are designing web services according to REST, then you should consider this point of not maintaining a session.

Hope it Helps!

Clement Amarnath
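
The token scheme described in the answer above, as an added example (not code from the answer or from Spring): a server-generated token carrying the user id and an expiry time, encrypted and integrity-protected with AES-GCM. The class name `SessionTokenService`, the token layout and the `user-42` id are assumptions made for illustration.

```java
import javax.crypto.Cipher;
import javax.crypto.KeyGenerator;
import javax.crypto.SecretKey;
import javax.crypto.spec.GCMParameterSpec;
import java.nio.ByteBuffer;
import java.nio.charset.StandardCharsets;
import java.security.SecureRandom;
import java.util.Base64;

// Hypothetical helper (not a Spring class): issues and validates encrypted session tokens.
public class SessionTokenService {
    private static final int IV_LEN = 12, TAG_BITS = 128;
    private final SecretKey key;                        // server-side secret, never sent to the client
    public SessionTokenService(SecretKey key) { this.key = key; }

    // Token = base64url( IV || AES-GCM(expiryEpochMillis || userId) )
    public String issue(String userId, long ttlMillis) throws Exception {
        byte[] iv = new byte[IV_LEN];
        new SecureRandom().nextBytes(iv);               // fresh IV per token; GCM must never reuse one
        byte[] id = userId.getBytes(StandardCharsets.UTF_8);
        byte[] plain = ByteBuffer.allocate(8 + id.length)
                .putLong(System.currentTimeMillis() + ttlMillis).put(id).array();
        Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
        c.init(Cipher.ENCRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, iv));
        byte[] ct = c.doFinal(plain);
        byte[] out = ByteBuffer.allocate(IV_LEN + ct.length).put(iv).put(ct).array();
        return Base64.getUrlEncoder().withoutPadding().encodeToString(out);
    }

    // Returns the user id, or null if the token is malformed, tampered with, or expired.
    public String validate(String token) {
        try {
            byte[] in = Base64.getUrlDecoder().decode(token);
            Cipher c = Cipher.getInstance("AES/GCM/NoPadding");
            c.init(Cipher.DECRYPT_MODE, key, new GCMParameterSpec(TAG_BITS, in, 0, IV_LEN));
            ByteBuffer plain = ByteBuffer.wrap(c.doFinal(in, IV_LEN, in.length - IV_LEN));
            if (plain.getLong() < System.currentTimeMillis()) return null;   // expired
            return StandardCharsets.UTF_8.decode(plain).toString();
        } catch (Exception e) { return null; }          // bad base64, short input, failed GCM tag
    }

    public static void main(String[] args) throws Exception {
        KeyGenerator kg = KeyGenerator.getInstance("AES");
        kg.init(256);
        SessionTokenService svc = new SessionTokenService(kg.generateKey());
        String t = svc.issue("user-42", 60_000);        // constructed sample user id
        String forged = (t.charAt(0) == 'A' ? "B" : "A") + t.substring(1);   // alter one IV character
        System.out.println(svc.validate(t) + " / " + svc.validate(forged)
                + " / " + svc.validate(svc.issue("user-42", -1)));           // valid / tampered / expired
    }
}
```

A controller would read the token from a request header, call `validate`, and treat a `null` result as an unauthenticated request.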