tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Johann Uhrmann <>
Subject Re: javax.servlet.http.HttpSession.getId() returns null
Date Wed, 03 Sep 2003 06:42:06 GMT
Johann Uhrmann wrote:
> Hello,
> I am writing a single-sign-on filter that uses cookies and
> a request-wrapper in order to fake a form-based login in
> case the user is already authenticated in another web application.
> The filter needs some internal structures to perform the single-sign-on
> process, e.g. a map that associates the logon name with all
> active sessions of the user.
> When I try to get the id of those session objects, they sometimes
> return null.

Hello again,

after reviewing my logs, it seems that session objects are being
recycled by the server and the id is set to null while they are
not in use.

Is that correct?

Is there a docu that shows what objects are pooled in Tomcat so
application developer can consider the side-effects of pooling?

In my case, I held references to session objects and it seems that
the id changed over time. That behaviour broke my filter design
and was hard to track down.

Kind regards,


View raw message