Antwort: RE: How to really destroy a Session

2004-04-16 Thread marc . baumgartner 





I have tested some other cases:

We have a SessionListener who sets a flag of the user to logout out, when
there is a session invalidate. Now it seems that the session.invalidate()
don't calls the listener in Tomcat 5.0. is this possible?

Thanks,
Marc





   

  Mike Curwen

  [EMAIL PROTECTED] An:  'Tomcat Users List' 
[EMAIL PROTECTED] 
  m   Kopie:  

   Thema:   RE: How to really destroy a 
Session
  16.04.04 15:56   

  Bitte antworten  

  an Tomcat Users 

  List

   

   




The cookie is removed when the user closes the browser, no ?


 -Original Message-
 From: [EMAIL PROTECTED]
 [mailto:[EMAIL PROTECTED]
 Sent: Friday, April 16, 2004 8:34 AM
 To: [EMAIL PROTECTED]
 Subject: How to really destroy a Session






 Hi all,

 I am using Tomcat 5.0.19.

 In my application the generated sessions are identified by a
 cookie on the client. I only allow single sign on. Now I want
 to destroy the session and I call in a session an
 invalidate() and the session isn't available. Then the
 application  redirect the request to the start page. But
 there is still the cookie with JSESSIONID on the client and
 there is no new session possible.

 Is there a solution to remove these cookies?

 Thanks,
 Marc


 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]



-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]





-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Re: Antwort: RE: How to really destroy a Session

2004-04-16 Thread Jacob Kjome 
Quoting [EMAIL PROTECTED]:
 
 I have tested some other cases:
 
 We have a SessionListener who sets a flag of the user to logout out, when
 there is a session invalidate. Now it seems that the session.invalidate()
 don't calls the listener in Tomcat 5.0. is this possible?
 
 Thanks,
 Marc
 

I have seen similar behavior.  See
http://issues.apache.org/bugzilla/show_bug.cgi?id=18479

The bug is marked resolved fixed, but look at the messages where I (Jacob
Kjome) start commenting.  I think this bug shouldn't be marked fixed until
sessionDestroyed() is called properly just as valueUnbound() is now called
properly with the current fix for this bug.  Basically, sometimes the listener
collection returned by the following code in StandardSession is null, making it
so HttpSessionAttributeListener's are not called when they should be...

Context context = (Context) manager.getContainer();
Object listeners[] = context.getApplicationEventListeners();


If you can show an alternate way or reproducing this bug, maybe the Tomcat
committers will actually give attention to the issue, because I don't see them
paying any attention to it now, even though I've shown that it is a problem.


Jake


 
 
 
 
 
   Mike Curwen
   [EMAIL PROTECTED] An:  'Tomcat Users List'
 [EMAIL PROTECTED]
   m   Kopie:
Thema:   RE: How to really
 destroy a Session
   16.04.04 15:56
   Bitte antworten
   an Tomcat Users
   List
 
 
 
 
 
 The cookie is removed when the user closes the browser, no ?
 
 
  -Original Message-
  From: [EMAIL PROTECTED]
  [mailto:[EMAIL PROTECTED]
  Sent: Friday, April 16, 2004 8:34 AM
  To: [EMAIL PROTECTED]
  Subject: How to really destroy a Session
 
 
 
 
 
 
  Hi all,
 
  I am using Tomcat 5.0.19.
 
  In my application the generated sessions are identified by a
  cookie on the client. I only allow single sign on. Now I want
  to destroy the session and I call in a session an
  invalidate() and the session isn't available. Then the
  application  redirect the request to the start page. But
  there is still the cookie with JSESSIONID on the client and
  there is no new session possible.
 
  Is there a solution to remove these cookies?
 
  Thanks,
  Marc
 
 
  -
  To unsubscribe, e-mail: [EMAIL PROTECTED]
  For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 
 
 
 
 
 -
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]

-
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]