tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ben Souther <>
Subject Re: session invalidation and <%@ page session=false %>
Date Thu, 27 Nov 2003 13:48:18 GMT
Remember, all JSPs get converted to servlets before being compiled.
If you want to see how to mimick JSP functionality in a servlet, look at the 
generated servlet code in your TOMCAT_HOME/work directory.

On Thursday 27 November 2003 07:24 am, you wrote:
> I'm wondering what the servlet equivalent of <%@ page session=false %>
> would be.
> After all the discussion here about disabling URL rewriting, I have
> knocked up a filter to overwrite the response so that encodeUrl() is
> no-op'd (thanx Brice) for requests from callers like google that can't
> handle or don't need a session.
> In the same filter I can invalidate the session after the call to
> chain.doFilter() so that the sessions created don't hang around.
> However it seems an awkward solution, since the session is used
> throughout the servlet - I thought I could use session.invalidate() just
> to kill off the session right away and then do a test on the session
> wherever I need it to see if it is valid or present.
> The only test I can do to identify an invalidated session is to try
> catch on an IllegalStateException on any session method call, but that's
> goes against my philosophy.
> If I overwrite the request as well and override the getSession() to
> return null, is that going to present any unforeseen issues on these
> requests that need no session? Or is there a better way of mimicking <%@
> page session=false %> ?
> Adam

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message