Return-Path: Mailing-List: contact cocoon-users-help@xml.apache.org; run by ezmlm Delivered-To: mailing list cocoon-users@xml.apache.org Received: (qmail 88045 invoked from network); 20 Jul 2000 20:09:04 -0000 Received: from balld-0.dsl.speakeasy.net (HELO localhost.localdomain) (@216.254.77.75) by locus.apache.org with SMTP; 20 Jul 2000 20:09:04 -0000 Received: by localhost.localdomain (Postfix, from userid 501) id C1F2C4812; Thu, 20 Jul 2000 16:12:18 -0400 (EDT) Received: from localhost (localhost [127.0.0.1]) by localhost.localdomain (Postfix) with ESMTP id 5FAD66029 for ; Thu, 20 Jul 2000 16:12:18 -0400 (EDT) Date: Thu, 20 Jul 2000 16:12:18 -0400 (EDT) From: Donald Ball X-Sender: balld@localhost.localdomain To: cocoon-users@xml.apache.org Subject: Re: cooperative session handling (was: Dynamic XML generation) In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII X-Spam-Rating: locus.apache.org 1.6.2 0/1000/N On Thu, 20 Jul 2000, Uli Mayring wrote: > > When you want to log a user out, you remove your auth:stuff from the > > Session, and only invalidate the session if it contains nothing else. In > > fact due to the multithreaded nature of the Beast, it would probably be > > safer never to invalidate a session, in case something else was about to > > use it. > > What's the session.invalidate() method for, then? Sorry if I sound dumb, > but I believe Sun doesn't implement random methods for fun and profits. It > would be much, much easier for me to implement auth: if I didn't have to > worry about invalidating sessions. So I am really not reluctant to take > your advice, it just "feels bad" not to clean up :) what you could do is when you get the session instance, if you created it, record the fact that you created it. when you're done, if the session is otherwise empty, invalidate it. like so much else in the servlet spec, i don't think sun thought through all of the issues perfectly beforehand. well, hindsight is colorblind. - donald