How to keep alive a session attribute

I have a "look up" html page that works together with a java HttpServlet class that handles some functionality and sends the results开发者_高级运维 to a jsp page.

To perform the look up I need a loginresult object that I put in the session in a different servlet.

This is what happens in the login servlet:

protected void doPost(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        response.setContentType("text/html");
        PrintWriter out = response.getWriter();
        // get attributes that were filled in on the login webpage
        request.getAttribute("username");
        request.getAttribute("password");
        String username = request.getParameter("username");
        String password = request.getParameter("password");
        LoginManager loginManager = new LoginManager(username.trim(), password.trim());
        if (loginManager.doLogin() == true) {
            javax.servlet.http.HttpSession session = request.getSession();
            session.setAttribute("loginResult", loginManager.getLoginResult());
            session.setAttribute("binding", loginManager.getBinding());
            response.sendRedirect("lookup.html");

This is what happens on the look up servlet

request.setCharacterEncoding("UTF-8");
            response.setContentType("text/html");
            javax.servlet.http.HttpSession session = request.getSession();
            LoginResult lr = (LoginResult) session.getAttribute("loginResult");
            if(lr == null)
            {
                throw new Exception("Your session has expired, please log in again");
            }

            // some look up code

            RequestDispatcher dispatcher = request.getRequestDispatcher("result.jsp");
            request.setAttribute("result", result);
            request.setAttribute("question", question);
            request.setAttribute("xml", xml);
            dispatcher.forward(request, response);

In my jsp page is a input button that does the following : ONCLICK="window.location.href='lookup.html'"/>

Sometimes when i leave my result page unfocused or minimize or whatever or I wait too long and I click the return to the look up page it appears that my loginresult object == null. So in my opinion it seams to be expired. Although I thought that the Apache Tomcat server keeps sessions alive for 30 minutes standard.

Any guess why my session attribute disappear?

First you should determine if you are actually getting the same session or not. There are 2 easy ways I can think of to do this.

1.) Look at the contents of the JSESSIONID cookie. Most browsers make this trivial. If the contents change, you have received a different session.

2.) You could try plugging in an HttpSessionListener to log when your sessions are being destroyed.

If you are getting a new session, you have to narrow it down to a configuration issue (Tomcat, web.xml, context snippet etc.) or an app issue. If it's a configuration issue, the problem should be repeatable on other pages than the ones you mention.

Also consider using getSession(false), which won't create a new session if one isn't already present. If you get null from this, it's another indicator that your sessions are timing out.

If you determine you have the same session, but for some odd reason attributes are disappearing, you can implement a HttpSessionAttributeListener and either log or breakpoint when items are removed from the session.