How to operate on another session using a session id in a J2EE application

Many times there could be a situation where, we need to obtain another session object using just the session id and invalidate/operate on that session. There is no standard way mentioned in the J2EE specs to achieve this, but we will discuss an alternate solution to this problem.

The solution we are discussing is built using a servlet. We will create a dedicated servlet which performs the action we want to perform on the "looked up" session. Then we will originate a call from within the server to this new servlet by programmatically setting the session id into the request header.


Let us see in detail. 


Given a session id, let us try to lookup the session object and print the value of the session attribute "Test_Message".
Step - 1
Create a new servlet to perform the required task on the "looked up" session.


public class LookedUpSessionActor extends HttpServlet implements Servlet{


protected void doGet(HttpServletRequest arg0, HttpServletResponse arg1) throws ServletException, IOException {
        doPost(arg0, arg1);
    }


protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession(false);
        if(session != null){
System.err.println(session.getAttribute(“Test_Message”));
}else{
System.err.println(“Session already invalidated”);


}
                response.setContentType("text/html;charset=UTF-8");
                response.getOutputStream().println("Successful");


}


}


Give the servlet a name in the web.xml. For eg: LookedUpSessionActor
Also, for this example, let us assume that our servername is myserver and application name is myapp, so the url of the servlet becomes


http://myserver/myapp/LookedUpSessionActor


Step – 2
Write the class and a method which does the lookup of the session using a session id.


public class SessionLookupHelper {


        public void initiateActionOnSession(String sessionId) {
                String urlString = "http://myserver/myapp/LookedUpSessionActor";
                try {
                        URL url = new URL(urlString);
                        HttpURLConnection urlc = (HttpURLConnection) url.openConnection();
                        urlc.setRequestProperty("Cookie", "JSESSIONID="+sessionId);
            urlc.setDoOutput(true);
            urlc.getContent();
            urlc.disconnect();
                } catch (Exception e) {
                        e.printStackTrace();
                }
        }
}


Basically this class will make a URL Connection to the servlet by setting the given session id as the JSESSIONID cookie value in the request. If your server is configured to use a different cookie name for session id, replace JSESSIONID with that.


You are all set. Whenever you want to operate on the other session, all you need is to call this method providing the session id.