cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Mike Engelhart <mengelh...@earthtrip.com>
Subject Re: XSP session diffs
Date Fri, 18 Feb 2000 15:12:55 GMT
Ted wrote:

> Mike Engelhart wrote:
>> 
>> Ricardo mistakenly(?) created an implicit session for every XSP page.
> 
> I just want to get this. Doesn't request.getSession(false) mean that if
> there is an existing session use it, but if there is no existing
> session, DO NOT CREATE one? And (true) means that if there is an
> existing session use it, but if there is no existing session, DO CREATE
> one?
> 
> So your request is to set the default session to (true)?
> 
> Dr. Teddy Achacoso
> GroupServe, Inc.
Yes that's what it means but as I said in my post:

The current code forces a session to be created for every XSP page whether
you want it or not - which sucks.
The only reason that the Ricardo put it there was so that the XSP author was
able to to access the XSP implicit variable named "session" which points to
an HttpSession object which by definition can be null.  This change I
recommended doesn't change that.  So for example, the XSP author can say:
<xsp:logic>
    session.setAttribute("FOO");
    String myFoo = (String) session.getAttribute("FOO");
</xsp:logic>

without having to make this call.  They need to check if the session is null
and possibly create a new one or send the user to an error page but they
have to do that anyway.

Actually, I think the whole thing should be removed because the developer
needs to be in control of session creation, not the XSP page.
I don't know if you've ever used sessions or not but having them created
without the hand of the developer doesn't work if someone bookmarks your
page in the middle of some 5 step process and comes back to your site 9 days
later and your XSP creates a new session in the middle of the process which
has nothing in it.  This isn't generally what you want to happen.  Of course
you can check if the returned results are null but then you don't know "why"
the session doesn't have what you expect in it.

Mike


Mime
View raw message