Re: HttpSession creation

[Lachezar Dobrev]

Hello.    Trying to stop a session from being created is not valid.    Sessions are not user-dependant. Sessions are a handshake between a server and a client. You should have thought another way to do that. Maybe check if the user HAS authenticated.      .getSession() and .getSession(boolean) methods are to get access to the session, not to create the session. Creation is left to the App server.    What happens is, that when a client contacts your Server the session IS created. That's it.    Forget the option to disable that. It has no sense.    If you REALLY need to do that... Use "session.invalidate()" everytime you see, that the user has not logged. That way a session will be recreated every time the client connects.        Lachezar.      P.S. Sessions are good to store info in them. But user management should NOT be connected with it.     hi,   i'm trying to ensure that the only time a session is created is after a successful user login.   is there any other way apart from HttpServletRequest.getSession( ), or HttpServletRequest.getSession( boolean create) that a HttpSession can be created?   i've trawled through the J2EE API but haven't seen any other methods that might create a session -- was just wondering if there was some sort of side-effect way, say, if you redirect a request or pass a request through a filter chain or something???   thanks, greg.