tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amrhein, Thomas" <tamrh...@debis.com>
Subject AW: Session invalidation/ creation
Date Tue, 28 Mar 2000 14:43:54 GMT
I have the same problem with Tomcat 3.1beta1.
Have a look at bug#55.
It's reminded, but I think it should be fixed.

We have standalone PCs, where everybody who wants can login and logout.
It will be very useful to see, that a new cookie must be installed and the
session is really mine.

Right now, we have to unbound or reinitialize all relevant session
attributes.

TA


-----Ursprüngliche Nachricht-----
Von: Bragg, Casey [mailto:Casey.Bragg@allegiancetelecom.com]
Gesendet am: Dienstag, 21. März 2000 17:01
An: tomcat-user@jakarta.apache.org
Betreff: Session invalidation/ creation

I've got a jsp page with a logout button.  Pressing the button results in
the following code fragments being run.  Though the strategy worked with
JServ, its not working with Tomcat 3.0.  Any ideas why?

HttpSession session = request.getSession(false); 
   // Consider that the current session has already 
   // been established by an earlier request.getSession(true)

session.invalidate();

session = request.getSession(true);
   // For some reason (in Tomcat 3.0) session now points 
   // to the same session which is already invalidated.  
   // In other words, this doesn't return a new session.
   // Subsequent attempts to use session result in 
   // exceptions such as...
   // javax.servlet.ServletException: getAttribute: Session already
invalidated

Thanks...

...Casey



--------------------------------------------------------------------------
To unsubscribe, email: tomcat-user-unsubscribe@jakarta.apache.org
For additional commmands, email: tomcat-user-help@jakarta.apache.org

Mime
View raw message