Any tool to view web session attributes?
Of course. It's not actually a tool, but a simple code snippet. Somewhere in a servlet/jsp/filter of yours add the following:
Session session = request.getSession();
Enumeration attributeNames = session.getAttributeNames();
while (attributeNames.hasMoreElements()) {
String name = attributeNames.nextElement();
String value = session.getAttribute(name);
System.out.println(name + "=" + value);
}
and you will have all attributes of the session printed on the console.
Alternatively, in JSP do:
<c:forEach items="${sessionScope}" var="attr">
${attr.key}=${attr.value}<br>
</c:forEach>
this will print all attributes of the session on the page.
Update: It turns out you have a wrong understanding of the session. The session data is at the server-side. The client only hold a unique identifier by which its data is referred at the server. This identifier is most often the "session cookie", but can also be part of the url (JSESSIONID). So the client cannot see the contents of the session directly. If you want your session attributes to be displayed with meaninful values (different from their hashcode) override their toString()
method.
Comments
-
ruwan.jayaweera almost 2 years
I use jsp/Servlets for my web layer. Is there any tool to examine session attributes in a web session?
-
ruwan.jayaweera about 14 yearsThank you, this was the solution I also came up with finally, but isn't there a tool, (like firefox plugin) which can do this? (because if a browser can clear the session attributes why cant it display them?) Also if the attribute is an object, using this technique, it will only show the hashcode of that object.
-
Bozho about 14 yearsyou seem to be misunderstanding the session concept. see mu update
-
ruwan.jayaweera about 14 yearsI understand that the session data is on the server side, but what I'm asking is whether we can view the session variables with out having code (like the ones you have given above) in the server side? For example, can we view the session variables of the stackoverflow.com? Also to avoid the hash code is override toString() that I understand. but what I want is to drill down an object to view its child objects and its child objects ....
-
Bozho about 14 years1. There is no way to view the session contents without code 2. you can use reflection to drill down an object
-
Edward J Beckett over 10 years@Bozho +1 :: That sessionScope snippet is great for debugging page level security issues... TY.
-
Chaos7703 almost 7 yearsOld, but @ruwan.jayaweera & others: Usually your session data is stored on the server & the server sets a cookie that is used to identify the user's session. "Clearing" the session in the browser usually just erases that cookie. On the next request the browser no longer has the session cookie to look up the user's session, so they effectively don't have one anymore. Garbage collection will eventually erase it. If someone "steals" that cookie, they can potentially hijack the session & masquerade as the user. So, you can only view the data in the browser if you add it to the response as above.
-
wonsuc almost 6 yearsWhat is the package name of
Session
object? It shows an errorCannot resolve symbol 'Session'
.