tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Amrhein, Thomas" <>
Subject AW: Session invalidation/ creation
Date Tue, 28 Mar 2000 14:43:54 GMT
I have the same problem with Tomcat 3.1beta1.
Have a look at bug#55.
It's reminded, but I think it should be fixed.

We have standalone PCs, where everybody who wants can login and logout.
It will be very useful to see, that a new cookie must be installed and the
session is really mine.

Right now, we have to unbound or reinitialize all relevant session


-----Ursprüngliche Nachricht-----
Von: Bragg, Casey []
Gesendet am: Dienstag, 21. März 2000 17:01
Betreff: Session invalidation/ creation

I've got a jsp page with a logout button.  Pressing the button results in
the following code fragments being run.  Though the strategy worked with
JServ, its not working with Tomcat 3.0.  Any ideas why?

HttpSession session = request.getSession(false); 
   // Consider that the current session has already 
   // been established by an earlier request.getSession(true)


session = request.getSession(true);
   // For some reason (in Tomcat 3.0) session now points 
   // to the same session which is already invalidated.  
   // In other words, this doesn't return a new session.
   // Subsequent attempts to use session result in 
   // exceptions such as...
   // javax.servlet.ServletException: getAttribute: Session already



To unsubscribe, email:
For additional commmands, email:

View raw message