cocoon-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Donald Ball <ba...@webslingerZ.com>
Subject Re: cooperative session handling (was: Dynamic XML generation)
Date Thu, 20 Jul 2000 20:12:18 GMT
On Thu, 20 Jul 2000, Uli Mayring wrote:

> > When you want to log a user out, you remove your auth:stuff from the
> > Session, and only invalidate the session if it contains nothing else. In
> > fact due to the multithreaded nature of the Beast, it would probably be
> > safer never to invalidate a session, in case something else was about to
> > use it.
> 
> What's the session.invalidate() method for, then? Sorry if I sound dumb,
> but I believe Sun doesn't implement random methods for fun and profits. It
> would be much, much easier for me to implement auth: if I didn't have to
> worry about invalidating sessions. So I am really not reluctant to take
> your advice, it just "feels bad" not to clean up :)

what you could do is when you get the session instance, if you created 
it, record the fact that you created it. when you're done, if the session
is otherwise empty, invalidate it.

like so much else in the servlet spec, i don't think sun thought through
all of the issues perfectly beforehand. well, hindsight is colorblind.

- donald


Mime
View raw message