cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Vadim Gritsenko <vadim.gritse...@verizon.net>
Subject Re: [BUG] SessionModule creates sessions on default
Date Tue, 13 Jan 2004 22:30:57 GMT
Jorg Heymans wrote:

>> You missed the point. Usage of getSession() forces creation of new 
>> session, which means that module *will* create new session, despite 
>> the documentation which says otherwise:
>>
>>    <strong>NOTE:</strong> The module does not create a new session
>>
>>
>> So it is a bug.
>>
> Do you mean a bug in the docs or the code?


I tend to think that this is the bug in the code. I think module should 
not create a session, and if you want to create a session you should do 
it somewhere else (there is an action for this purpose). Querying a 
session is not a request to create a session.


> Where am I wrong here:
>
> 1) the session module calls
> ObjectModelHelper.getRequest(objectModel).getSession();


True. But this is not correct behavior.


> 2) this calls o.a.c.environment.http.HttpRequest.getSession()
> which calls o.a.c.environment.http.HttpRequest.getSession(true)


True.


> 3) First call there is
> serverSession = this.req.getSession(create);
> where this.req is a real javax.servlet.http.HttpServletRequest


True.


> Doing some digging in servlet-2_4-fr spec (p243-244)
>
> - public HttpSession getSession(boolean create)
> Returns the current HttpSession associated with this request or, 
> [---->if there is no current session *AND* create is true<----], 
> returns a new session.
> If create is false and the request has no valid HttpSession, this method
> returns null. To make sure the session is properly maintained, you 
> must call this method before the response is committed. If the 
> container is using cookies to maintain session integrity and is asked 
> to create a new session when the response is committed, an 
> IllegalStateException is thrown.


That's also correct.


> This tells me that if there is an existing session you get the 
> existing one , irrelevant of the boolean flag (in an 
> servlet-spec-adhering container that is ofcourse).
> Ofcourse this is all very theoretical but it explains (i hope) my 
> reasoning.


Problem is the situation when there is no session yet.

Session should not be created by the module, if it does not exist. And 
this means that module should use getSession(false) - if you to follow 
its documentation.

Vadim




Mime
View raw message