Hi,
[-
this disucsses Bug 10419 and 10418. See details in
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10419
and
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=10418
with a bug-demonstration servlet
http://www.freiheit.com/users/hzeller/SessionBugDemonstration.java
this
On Wed, 3 Jul 2002, Henner Zeller wrote:
We always have the problem, that we might get multiple session ids (from
the URL, from _multple_ cookies).
You should not be getting multiple session id cookies for different
webapps unless (a) the context paths overlap, or (b) your client is not
Hi,
We always have the problem, that we might get multiple session ids (from
the URL, from _multple_ cookies).
You should not be getting multiple session id cookies for different
webapps unless (a) the context paths overlap, or (b) your client is not
following the rules of the specs.
On Wed, 3 Jul 2002, Henner Zeller wrote:
Date: Wed, 3 Jul 2002 20:33:11 +0200 (CEST)
From: Henner Zeller [EMAIL PROTECTED]
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Subject: Re: [Bug 10419] - Session-ID grabbing from Request accepts
Hi,
If you want the *current* session for this request, you should always call
request.getSession() instead.
Yes. This is correctly working in tomcat 3.x: the getRequestedSessionId()
returns one of the IDs with preference to the cookie; the getSession()
returns the current session. perfect.
On Wed, 3 Jul 2002, Henner Zeller wrote:
Date: Wed, 3 Jul 2002 21:10:14 +0200 (CEST)
From: Henner Zeller [EMAIL PROTECTED]
Reply-To: Tomcat Developers List [EMAIL PROTECTED]
To: Tomcat Developers List [EMAIL PROTECTED]
Subject: Re: [Bug 10419] - Session-ID grabbing from Request accepts
Hi,
OK, but why should the requested session id from the URL be considered any
more likely to be valid than a session id from the cookie? They both got
created at the same time (when this page was generated), and will have the
same value if you did the normal thing of using