However, this does point to the need for default
behavior of tomcat session generation code (or any
interceptor or module code) in the absence of expected
configuration info in server.xml.
That's a good point, but I'm wondering how could it be implemented.
The whole idea of modules is that each can be replaced with a better
version ( for example a more secure or more efficient scheme to generate
the ids ), so we can't just check for specific modules.
Well, there is a solution ( I'm not sure how can we code it ) - have an
automated way to run watchdog and sanity to validate the config files. If
watchdog/sanity are passing - then probably the config is valid :-)
Costin
Mel
getNewSession is calling setState( STATE_NEW ), that
calls the
sessionState callback that allows modules to
initialize the new session
object - and SessionIdGenerator is setting the id (
using whatever
random).
I can't understand what's wrong - my only guess is
that SessionIdGenerator
is not included.
I didn't had too much time this weekend ( to restart
the nightly tests ),
but I hope to resolve those issues soon.
Costin
object, the .toString() method to get a string
representation of the
session id returns null. When getNewSession()
tries to use this value
as a key into the sessions hashtable, a
NullPointerException is thrown.
__
Do You Yahoo!?
Get email at your own domain with Yahoo! Mail.
http://personal.mail.yahoo.com/