tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Darren Hobbs <>
Subject RE: Session problems
Date Wed, 16 Aug 2000 11:14:38 GMT
The session ID is sent by the browser as part of the request - a new session
ID will not be generated until a new request is received from the client.
req.getSession() is still using the original req object.  Once a new request
is received from the browser a new req object will be created.  (I think :)

-----Original Message-----
From: []
Sent: 16 August 2000 12:16
Subject: AW: Session problems


it is correct that the objects that I have put in the session get lost, 
but why doesn't the session id get invalidated? 
Is that correct? 


-----Urspr√ľngliche Nachricht----- 
Von: Graham Stewart [
<> ] 
Gesendet: Mittwoch, 16. August 2000 13:03 
Betreff: Re: Session problems 

As far as I'm aware invalidate() marks the session as invalid and unbinds
all objects associated with the session. 


----- Original Message ----- 
Sent: Wednesday, August 16, 2000 11:50 AM 
Subject: Session problems 

I have some questions about session id's and session in general. 
If I do a: 
HttpSession session = req.getSession(true); 
System.out.println("ID " + session.getId()); 
I get a session id like du43dew7k1: 
After a 
System.out.println("ID " + session.getId()); 
I get the same session id like before. 
Even another 
session = req.getSession(true); 
System.out.println("ID " + session.getId()); 
will give me the same session id. 
I this the right behavior? Do I do something wrong? 
What does the session.invalidate() method do then? 
I couldn't find anything in the specs. 

View raw message