DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG-RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40072>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40072

------- Additional Comments From [EMAIL PROTECTED] 2006-07-20 08:56 -------

The session is only created when the session object is accessed in any way. I believe the <%@ page session="false"%> directive tells the JSP layer not to access a session object in a way that would cause one to be created; this is for constructing the pageContext.

However, the HTTP request processing still takes place to match a given cookie with a valid session object. So if you pass from code which uses a session (the login part) into code which does not use a session, then your browser should still be giving the Cookie: header to Tomcat when accessing both URLs.

If Tomcat gets a Cookie it will always try to match it up with a session to validate it (even if the processing that is to follow doesn't require or touch the session object after all).

Does your HeavyJavaScript code in any way access and/or edit the cookies[] in the page?

Maybe you can quote the URLs of the post-login page and the non-session-using page to confirm whether the URLs would be within the same Cookie domain.
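
One way to check the points raised in the comment above on a running webapp: a diagnostic servlet filter, added here as an example and not part of the bug report or of Tomcat's code. The class name SessionProbeFilter and the log format are hypothetical, and it assumes the javax.servlet API; it uses only getSession(false), so the probe itself never creates a session.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletContext;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

// Hypothetical diagnostic filter: records, per request, whether the browser
// sent a Cookie header, whether it named a session, and whether a session
// exists before and after the page runs.
public class SessionProbeFilter implements Filter {
    private ServletContext ctx;

    public void init(FilterConfig cfg) {
        ctx = cfg.getServletContext();
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        if (!(req instanceof HttpServletRequest)) {
            chain.doFilter(req, res);
            return;
        }
        HttpServletRequest http = (HttpServletRequest) req;
        String before = describe(http);
        try {
            chain.doFilter(req, res);
        } finally {
            // "session" flipping from false to true means the page created one.
            ctx.log(http.getRequestURI() + " before[" + before
                    + "] after[" + describe(http) + "]");
        }
    }

    // Only booleans are logged; the session id is a credential and stays out of logs.
    private static String describe(HttpServletRequest r) {
        return "cookieHeader=" + (r.getHeader("Cookie") != null)
                + " requestedId=" + (r.getRequestedSessionId() != null)
                + " fromCookie=" + r.isRequestedSessionIdFromCookie()
                + " valid=" + r.isRequestedSessionIdValid()
                + " session=" + (r.getSession(false) != null); // never creates
    }

    public void destroy() {
    }
}
```

Mapped in web.xml to both the post-login URL and the session="false" page, the two log lines show whether the same cookie reaches both URLs and whether it still resolves to a valid session.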