tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Filip Hanik - Dev Lists <devli...@hanik.com>
Subject Re: svn commit: r1094069 - in /tomcat/trunk: java/org/apache/catalina/ java/org/apache/catalina/ha/session/ java/org/apache/catalina/manager/ java/org/apache/catalina/session/ webapps/docs/
Date Tue, 19 Apr 2011 15:27:41 GMT


On 4/18/2011 4:39 AM, Mark Thomas wrote:
> On 18/04/2011 10:13, Remy Maucherat wrote:
>> On Sat, 2011-04-16 at 22:25 +0000, markt@apache.org wrote:
>>> Author: markt
>>> Date: Sat Apr 16 22:25:28 2011
>>> New Revision: 1094069
>>>
>>> URL: http://svn.apache.org/viewvc?rev=1094069&view=rev
>>> Log:
>>> Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51042
>>> Don't trigger session creation listeners when changing the session ID during
authentication.
>> But the listeners have to be aware that the id changed.
> Why? I have checked the Servlet spec and I don't see any event defined
> for "session ID changed". I also don't see anything (although I may have
> missed it) that says the ID must be constant.

Every logical application that uses the ID as a key, would like to know that the ID has changed
since the key is no longer valid. Those apps 
would rely on some sort event that the key is no longer there. regardless of what the servlet
spec says, it's seems logical.

Filip

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message