Why session is create new when android call second time web service in java

Question

This is a java web service method and we get a new session id when android user call second time. so how to solve it? We are creating new sessionId when android client login and then they sent the same sessionId in the json string even then a new sessionId generate every time.

import java.security.InvalidAlgorithmParameterException;
import java.security.InvalidKeyException;
import java.security.NoSuchAlgorithmException;
import java.security.spec.InvalidKeySpecException;
import javax.crypto.BadPaddingException;
import javax.crypto.IllegalBlockSizeException;
import javax.crypto.NoSuchPaddingException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
import javax.ws.rs.Consumes;
import javax.ws.rs.GET;
import javax.ws.rs.HeaderParam;
import javax.ws.rs.Path;
import javax.ws.rs.Produces;
import javax.ws.rs.core.Context;
import javax.ws.rs.core.MediaType;
import javax.ws.rs.core.UriInfo;

import com.bis.gauizz.utils.JsonUtil;

@Path("/Service")
public class WebService {

    @GET
    @Path("/Text")
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    public String getDataText() {
        System.out.println("in getDataText Method");
        return "in getDataText Method";

    }
    @GET
    @Path("/Json")
    @Produces(MediaType.APPLICATION_JSON)
    @Consumes(MediaType.APPLICATION_JSON)
    @HeaderParam("User-Agent")

    public String getDataJson(@Context UriInfo request,
            @Context HttpServletRequest req) throws InvalidKeyException,
            NoSuchAlgorithmException, InvalidKeySpecException,
            NoSuchPaddingException, InvalidAlgorithmParameterException,
            UnsupportedEncodingException, IllegalBlockSizeException,
            BadPaddingException {
        String returnJson = null;

        //User Agent
        String userAgent = req.getHeader("User-Agent").toString();
        System.out.println(userAgent);
        // Create sessionID
        HttpSession idSession = null;
        if(req.getSession(false) == null){
             idSession = req.getSession();
             if(idSession.isNew())
                {
                    System.out.println("New SessionId");

                }
                else
                {
                    System.out.println("Old SessionId");
                    idSession = req.getSession(true);
                }
        }else{
        //To check SessionId is new Or not

        }
        if (idSession != null) {
            request.getQueryParameters().get("json");// most impotent
            JsonUtil jsonUtil = new JsonUtil();
            returnJson = jsonUtil.getJson(request.getQueryParameters()
                    .get("json"), idSession);

        } 
        return returnJson;
    }
}

Answer 1

Make sure you use the same connection/HTTPClient from the client, resending cookies the server sent in reply to the first request. Otherwise a new session will be generated for every request.