tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jacob Kjome <h...@visi.com>
Subject Re: Antwort: RE: How to really destroy a Session
Date Fri, 16 Apr 2004 15:27:05 GMT
Quoting marc.baumgartner@degussa-bank.de:
> 
> I have tested some other cases:
> 
> We have a SessionListener who sets a flag of the user to logout out, when
> there is a session invalidate. Now it seems that the session.invalidate()
> don't calls the listener in Tomcat 5.0. is this possible?
> 
> Thanks,
> Marc
> 

I have seen similar behavior.  See....
http://issues.apache.org/bugzilla/show_bug.cgi?id=18479

The bug is marked "resolved fixed", but look at the messages where I (Jacob
Kjome) start commenting.  I think this bug shouldn't be marked fixed until
sessionDestroyed() is called properly just as valueUnbound() is now called
properly with the current fix for this bug.  Basically, sometimes the listener
collection returned by the following code in StandardSession is null, making it
so HttpSessionAttributeListener's are not called when they should be...

    Context context = (Context) manager.getContainer();
    Object listeners[] = context.getApplicationEventListeners();


If you can show an alternate way or reproducing this bug, maybe the Tomcat
committers will actually give attention to the issue, because I don't see them
paying any attention to it now, even though I've shown that it is a problem.


Jake


> 
> 
> 
> 
> 
>                       "Mike Curwen"
>                       <gb_dev@gb-im.co         An:      "'Tomcat Users List'"
> <tomcat-user@jakarta.apache.org>
>                       m>                       Kopie:
>                                                Thema:   RE: How to really
> destroy a Session
>                       16.04.04 15:56
>                       Bitte antworten
>                       an "Tomcat Users
>                       List"
> 
> 
> 
> 
> 
> The cookie is removed when the user closes the browser, no ?
> 
> 
> > -----Original Message-----
> > From: marc.baumgartner@degussa-bank.de
> > [mailto:marc.baumgartner@degussa-bank.de]
> > Sent: Friday, April 16, 2004 8:34 AM
> > To: tomcat-user@jakarta.apache.org
> > Subject: How to really destroy a Session
> >
> >
> >
> >
> >
> >
> > Hi all,
> >
> > I am using Tomcat 5.0.19.
> >
> > In my application the generated sessions are identified by a
> > cookie on the client. I only allow single sign on. Now I want
> > to destroy the session and I call in a session an
> > invalidate() and the session isn't available. Then the
> > application  redirect the request to the start page. But
> > there is still the cookie with JSESSIONID on the client and
> > there is no new session possible.
> >
> > Is there a solution to remove these cookies?
> >
> > Thanks,
> > Marc
> >
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> > For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> >
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org
> 
> 
> 
> 
> 
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
> For additional commands, e-mail: tomcat-user-help@jakarta.apache.org

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-user-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-user-help@jakarta.apache.org


Mime
View raw message