Oh yes, that sounds like a great idea! I wonder why we didn't come up with this earlier, the simplest ideas are the hardest to find ;)
My preference would be the name withSession. Regards, Christoph -----Ursprüngliche Nachricht----- Von: Lukasz Lenart [mailto:lukaszlen...@apache.org] Gesendet: Mittwoch, 19. September 2018 08:50 An: Struts Developers List <dev@struts.apache.org> Betreff: Avoid using setters Hi, In matter of security I wonder if we should stop using setters in internal API. Like in SessionAware interface we use setSession() and each actions must implement this method. Then we have a logic to avoid mapping incoming values to setSession() to permit injecting values into Session. Instead setSession() we can use withSession() or applySession() - the same can be applied to any *Aware interface. This will take time, we can mark existing interfaces or methods as deprecated and put new one as alternatives. Anyway, wdyt? Regards -- Łukasz + 48 606 323 122 http://www.lenart.org.pl/ --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@struts.apache.org For additional commands, e-mail: dev-h...@struts.apache.org