tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christopher Schultz <>
Subject Re: Trying to find
Date Fri, 15 Apr 2011 19:15:32 GMT
Hash: SHA1


On 4/14/2011 9:58 AM, Mathew Samuel wrote:
> So I do in fact have a reference to the HttpSession related to the
> currently-running request. However I do a "getAttributeNames()" to it
> but the Enumeration I get back is empty (i.e. non-null but empty so
> that a "hasMoreElements()" call to the HttpSession object says
> "false").
> The "org.apache.catalina.filters.CSRF_NONCE" key should be an
> attribute correct?

Tomcat "hides" certain session attributes from the enumeration returned
by getAttributeNames. It's possible that this is one of them. Can you
try to query it directly?

Check out the code for the filter to see how it's used:

> Although it is quite likely that I'm doing something wrong as I
> wouldn't figure that the Enumeration returned by
> "getAttributeNames()" would be empty although a "getId()" call to the
> HttpSession object is at least returning something so I know there is
> an actual HttpSession object present anyways.

That is definitely good.

> So yeah should "org.apache.catalina.filters.CSRF_NONCE" be listed as
> on of the attributes I would get back if a "getAttributeNames()" call
> had been made to the HttpSession object?

Maybe :)

- -chris
Version: GnuPG v1.4.10 (MingW32)
Comment: Using GnuPG with Mozilla -


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message