aledsage commented on a change in pull request #1096: URL: https://github.com/apache/brooklyn-server/pull/1096#discussion_r420769989
########## File path: rest/rest-resources/src/main/java/org/apache/brooklyn/rest/util/MultiSessionAttributeAdapter.java ########## @@ -217,7 +219,11 @@ private void invalidateAllSession(HttpSession preferredSession, HttpSession loca private HttpSession findValidPreferredSession(HttpSession localSession, HttpServletRequest optionalRequest) { if (localSession instanceof Session) { SessionHandler preferredHandler = getPreferredJettyHandler((Session)localSession, true, true); - HttpSession preferredSession = preferredHandler==null ? null : preferredHandler.getHttpSession(localSession.getId()); + + SessionIdManager idManager = ((DefaultSessionIdManager)preferredHandler.getSessionIdManager()); Review comment: I see this code is mostly a copy of the impl of `sessionHandler.getHttpSession(String)`, which is now protected in jetty 9.4.22. But your code does not call `session.setIdChanged(true)`, which that method does when the id doesn't match. I've no idea what the implications are of that difference! ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: us...@infra.apache.org