tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Tim Funk <>
Subject Re: javax.servlet.http.HttpSession.getId() returns null
Date Tue, 02 Sep 2003 12:48:18 GMT
Before going farthar, have you looked at the Single Sign On valve?

If you are using container managed security(such as form authentication), 
those contraints are executed before the filter chain is ever made.

(Otherwise) I am unsure of the semantics of getId() without re-reading the 
javadocs or the spec.


Johann Uhrmann wrote:

> Hello,
> I am writing a single-sign-on filter that uses cookies and
> a request-wrapper in order to fake a form-based login in
> case the user is already authenticated in another web application.
> The filter needs some internal structures to perform the single-sign-on
> process, e.g. a map that associates the logon name with all
> active sessions of the user.
> When I try to get the id of those session objects, they sometimes
> return null.
> Are the ids of expired sessions set to null in Tomcat 4.1.27?
> If yes, is there a way to retrieve the former session ids?
> Thank You,
> Hans

View raw message