tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Ralph Einfeldt" <>
Subject RE: Problem with invalidating a session
Date Wed, 08 Jan 2003 13:53:22 GMT
See below:

> -----Original Message-----
> From: Tim Funk []
> Sent: Wednesday, January 08, 2003 2:14 PM
> To: Tomcat Users List
> Subject: Re: Problem with invalidating a session

> Your code invalidates the session. getSession(true) is returning a 
> reference to session you just the invalidated.

No it's a new session. (getId() returns a different value)

If that would be the problem the exception would already be
thrown in 'session.putValue("Test", "Test")', but it is thrown
in PageContextImpl.getAttribute() (which part of the generated 
code for use bean) if the scope of the bean is session.

The real problem is, that pageContext has still a reference
the the invalidated session.

> My main point is getSession(true) must return a HttpSession. There is 
> nothing in the spec that states if a session becomes invalidated 
> during the life of a request, that getSession(true) must return a 
> new session.

Here you have a point. I have read this in an older spec:

HttpSession getSession(boolean create)

 Gets the current valid session associated with this request...

Note the additional word 'valid'. This lead me to the conclusion
it would create a session after the current session is invalidated.
As two implementations (tomcat and gnujsp) behave in that way I 
didn't look in the current servlet spec to verify that.

So to be realy spec compliant I have to omit that solution :{.

To unsubscribe, e-mail:   <>
For additional commands, e-mail: <>

View raw message