I'm developing Java Servlets. At the point of checking whether a user is logged in, I want to check if the HTTP request has a valid session. For checking that, I have 2 possibilities:
(1)
protected void processRequest(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException { HttpSession session = request.getSession(false); if (session != null) { // user is logged in ... }}Since I pass false as an argument, there is no new session created if there is no valid session existing already, and the function returns null, for what I can check.
Or I do:
(2)
if (request.isRequestedSessionIdValid()) { // user is logged in ... }Is there any difference, any advantage/disadvantage? Or do both functions do more or less the same?