Is there any way to get a session object when knowing the session id?

David Garcia

This would be useful for reattaching a user to a preexisting session. [Unfortunately, this behavior has been deemed dangerous. The code below used to work, but has been deprecated as of Servlet API version 2.1. (The method HttpSessionContext.getSession(String sessionid) has been deprecated.)

There may be a way to make it work under certain servlet engines, but no portable/standard way that I know of. -Alex]

Code sample:

// first, store the target HttpSession id, no problems about this cause the id is a Serializable String object
HttpSession oldSesion=request.getSession(false);
String id=oldSesion.getId();

// next, maybe in another servlet or object
// recover target ID
String idOldSesion=database.recoverID();

// recover target HttpSession
HttpSession currentSesion=request.getSession(false);
HttpSessionContext sCtx=currentSesion.getSessionContext();
HttpSession recoveredOldSesion=sCtx.getSession(idOldSesion);

Test conditions:
BEA Weblogic 4.5.1 (uses httpServlet Specification 2.1 ).
Windows NT 4.0