tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shapira, Yoav" <>
Subject RE: Deaktivate Session-Creation/Handling
Date Thu, 01 Apr 2004 14:01:26 GMT


>>- Writing an HttpServletRequestWrapper whose getSession methods always
>>return null (or a new empty session, or whatever you need)
>Yes i have see this option also but i'm not shure where i add it?

You would do this:
- Write a class that extends HttpServletRequestWrapper, overriding the
two getSession methods to return null.  Call this class NoSessionRequest
or whatever you want to call it.
- Write a Filter (javax.servlet.Filter) whose filter method looks like

public void doFilter(ServletRequest request, ServletResponse response,
FilterChain chain) throws IOException, ServletException {
  ServletRequest wrapped = null;
  if(request instanceof HttpServletRequest) {
    wrapped = new NoSessionRequest((HttpServletRequest) request);
  } else {
    wrapped = request;

  chain.doFilter(wrapped, response);
Or something along those lines.

Map the filter to url-pattern /* so it handles all requests.  (Or to a
more specific mapping if you'd like).

Even though I mentioned this before, I'll do it again: this is a bad

Yoav Shapira

This e-mail, including any attachments, is a confidential business communication, and may
contain information that is confidential, proprietary and/or privileged.  This e-mail is intended
only for the individual(s) to whom it is addressed, and may not be saved, copied, printed,
disclosed or used by anyone else.  If you are not the(an) intended recipient, please immediately
delete this e-mail from your computer system and notify the sender.  Thank you.

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message