tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From BugRat Mail System <>
Subject BugRat Report #192 has been filed.
Date Tue, 03 Oct 2000 08:53:03 GMT
Bug report #192 has just been filed.

You can view the report at the following URL:


REPORT #192 Details.

Project: Tomcat
Category: Bug Report
SubCategory: New Bug Report
Class: swbug
State: received
Priority: medium
Severity: serious
Confidence: public
   Release: Tomcat 3.1
   JVM Release: 1.2.2
   Operating System: Windows NT
   OS Release: 4.0
   Platform: Intel Pentium

request.getRequestedSessionId() does not return session ID requested by client

The request object's getRequestedSessionId() method returns the actual session ID, not the
session ID requested by the client.
This is making it more difficult to identify and warn users who have cookies turned off, and
to recognise session timeouts.
Other related methods are also affected. In particular isRequestedSessionIdValid() is always
returning true, even with cookies turned off.
My understanding is that as Tomcat only supports session tracking using cookies, when they
are turned off getRequestedSessionId() should return null, and isRequestedSessionIdValid()
should return false.

View raw message