tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bill Barker" <>
Subject Re: Question: Strange Session Remove Attribute
Date Sun, 03 Apr 2005 19:22:05 GMT

----- Original Message ----- 
From: "Peter Rossbach" <>
To: "Tomcat Developers List" <>
Sent: Sunday, April 03, 2005 5:04 AM
Subject: Question: Strange Session Remove Attribute

> Hey
> I have review the getIdInteral changes. At expire (StandardSession, 
> DeltaSession) we send first the "SessionDestory events" and after this the 
> "Remove Session Attribute" events. Before we send the remove attribute 
> events the session set to invalid. Hmm: Why we do that? I have read the 
> spec 2.4 but I can find a hint. With this handling nobody can access the 
> getId without IllegalStateException in a HttpSessionBindingListener or 
> HttpSessionAttributeListener! That I can't find this very nice?

What can I say, we needed to generate more BZ reports to mark as INVALID 

> Can anyone explain this session event handling?

There was just a long discussion of this.  For the details, check the list 
archives.  The short version is that it's mandated by section 15.1.7 + 

> regards
> Peter
> ---------------------------------------------------------------------
> To unsubscribe, e-mail:
> For additional commands, e-mail:

This message is intended only for the use of the person(s) listed above as the intended recipient(s),
and may contain information that is PRIVILEGED and CONFIDENTIAL.  If you are not an intended
recipient, you may not read, copy, or distribute this message or any attachment. If you received
this communication in error, please notify us immediately by e-mail and then delete all copies
of this message and any attachments.

In addition you should be aware that ordinary (unencrypted) e-mail sent through the Internet
is not secure. Do not send confidential or sensitive information, such as social security
numbers, account numbers, personal identification numbers and passwords, to us via ordinary
(unencrypted) e-mail.

View raw message