cocoon-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jorg Heymans>
Subject Re: [BUG] SessionModule creates sessions on default
Date Tue, 13 Jan 2004 14:01:00 GMT
> You missed the point. Usage of getSession() forces creation of new 
> session, which means that module *will* create new session, despite the 
> documentation which says otherwise:
>    <strong>NOTE:</strong> The module does not create a new session
> So it is a bug.
Do you mean a bug in the docs or the code?

Where am I wrong here:

1) the session module calls
2) this calls o.a.c.environment.http.HttpRequest.getSession()
which calls o.a.c.environment.http.HttpRequest.getSession(true)
3) First call there is
serverSession = this.req.getSession(create);
where this.req is a real javax.servlet.http.HttpServletRequest

Doing some digging in servlet-2_4-fr spec (p243-244)

- public HttpSession getSession(boolean create)
Returns the current HttpSession associated with this request or, 
[---->if there is no current session *AND* create is true<----], returns 
a new session.
If create is false and the request has no valid HttpSession, this method
returns null. To make sure the session is properly maintained, you must 
call this method before the response is committed. If the container is 
using cookies to maintain session integrity and is asked to create a new 
session when the response is committed, an IllegalStateException is thrown.

This tells me that if there is an existing session you get the existing 
one , irrelevant of the boolean flag (in an servlet-spec-adhering 
container that is ofcourse).
Ofcourse this is all very theoretical but it explains (i hope) my reasoning.


View raw message