tomcat-users mailing list archives

From "Caldarale, Charles R" <Chuck.Caldar...@unisys.com>
Subject RE: Moving from a very old Tomcat to a new Tomcat.
Date Wed, 11 Jun 2008 23:37:23 GMT
> From: André Warnier [mailto:aw@ice-sa.com]
> Subject: Re: Moving from a very old Tomcat to a new Tomcat.

> The servlet now calls sess = request.getSession().

Better if the servlet were to call request.getSession(false) and check the result for null.
 If not null, then either authentication or some other part of the webapp created the session,
and the servlet can trust that it's valid.  If null, then an appropriate slap on the wrist
can be returned to the client.

> And now the application tries to retrieve, from sess, one
> of the attributes it stored in the session earlier.
> It will most probably get a null, which means that the
> attribute does not exist, which fact may be significant to
> the application.

And this is another, albeit somewhat indirect, means of determining that the current session
is not a particularly useful one.

> Is that a valid concern, and a reason to always compare the cookie
> session-id with the current session's session-id, or am I missing
> something again ?

No reason to compare cookies, since Tomcat has already done that for you.

 - Chuck
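
The check recommended in this reply, as an added example that is not part of the original message or of Tomcat's own code: a servlet that uses request.getSession(false), rejects the request when no session exists, and treats a missing attribute as a second sign that the session is not usable. The class name `AccountServlet` and the attribute name `userProfile` are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

// Hypothetical servlet; class name and attribute name are assumptions.
public class AccountServlet extends HttpServlet {

    // Assumed to be stored in the session by the login step of the webapp.
    private static final String PROFILE_ATTR = "userProfile";

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response)
            throws ServletException, IOException {

        // getSession(false) returns the existing session or null. Unlike
        // getSession(), it never creates a new, empty session for a client
        // that arrives with an expired or unknown session id.
        HttpSession sess = request.getSession(false);
        if (sess == null) {
            // The client sent a session id the container no longer accepts.
            // Log the event, not the id itself.
            if (request.getRequestedSessionId() != null
                    && !request.isRequestedSessionIdValid()) {
                log("Request presented an invalid or expired session id");
            }
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED,
                    "No valid session");
            return;
        }

        // A session can exist without the state this servlet relies on;
        // a null attribute is handled as a failure, not as a default value.
        Object profile = sess.getAttribute(PROFILE_ATTR);
        if (profile == null) {
            response.sendError(HttpServletResponse.SC_FORBIDDEN,
                    "Session is missing required state");
            return;
        }

        // No manual comparison of the cookie value with sess.getId() is
        // needed: the container resolved the session from the request.
        response.setContentType("text/plain;charset=UTF-8");
        response.getWriter().println("Session accepted");
    }
}
```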

