Hello E. Tse!
(Sorry, 'Tse' looks like a surname, and I can not deducte
your first name from this 'E.' to address you more friendly :-)
ET> In the LoginServlet's doPost() method, after the user is authenticated,
ET> I invalidate the current session and create a new session.
ET> Then I do a forward (instead of a redirect) to a JSP using rewritten URL.
ET> session = request.getSession(false);
ET> ...
ET> session.invalidate();
ET> session = request.getSession(true);
ET> RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(
response.encodeURL(lsURL) );
ET> dispatcher.forward( request, response );
ET> The session ID that's encoded to the URL is the old session ID instead of
ET> the new one.
ET> I tried to remove all session attributes of the current session instead of
ET> creating a new one and got a ConcurrentModificationException.
ET> session = request.getSession(false);
ET> ...
ET> Enumeration attrNames = session.getAttributeNames();
ET> String attrName = "";
ET> while (attrNames.hasMoreElements())
ET> {
ET> attrName = (String)attrNames.nextElement();
ET> session.removeAttribute( attrName );
ET> }
ET> RequestDispatcher dispatcher = getServletContext().getRequestDispatcher(
response.encodeURL(lsURL) );
ET> dispatcher.forward( request, response );
ET> and got:
ET> java.util.ConcurrentModificationException
ET> at java.util.HashMap$HashIterator.next(HashMap.java:736)
ET> at org.apache.catalina.util.Enumerator.nextElement(Enumerator.java:166)
Lets start from the end. I could successfully reproduce your error
with the follwoing code:
import java.util.*;
public class A{
public static void main(String args[]){
HashMap h = new HashMap();
h.put("1","1");
h.put("2","2");
h.put("3","3");
Iterator i = h.keySet().iterator();
while ( i.hasNext() ){
String s;
h.remove( s = (String)i.next() );
System.out.println( s );
}
}
}
So we see what the nature of the error is!
This is actually a misuse of the HashMap
class. (Well, i did not understand the
docs very well, but since this is an
exception, hence it's a misuse.
What we should have done would be
while ( i.hasNext() ){ i.next(); i.remove() }
but we can't do that as the iterator is wrapped
into a Enumeration, accordingly to the servlet
spec.
What could be done:
we could try
Enumeration attrNames = session.getAttributeNames();
Vector v = new Vector();
while (attrNames.hasMoreElements())
{
v.addElement( attrNames.nextElement() );
}
for (int i=0;i<v.size();++i)
session.removeAttribute( (String)v.get(i) );
Or you could use some Java2 collection instead of
Java1 Vector.But this is a little wastefull on the
resources.
On the other hand the following jsp works fine
for me on Tomcat 4.0.1 (with cookies switched off
in the browser)
<%@ page import="javax.servlet.http.*" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
"http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
<html>
<body>
response.encodeURL("/a")=<%=response.encodeURL("/a")%><br />
<%
HttpSession s = request.getSession();
%>
id = <%=s.getId()%><br />
s.invalidate() <br /><%s.invalidate();%>
id = <%=s.getId()%><br />
<%
HttpSession s2 = request.getSession(true);
%>
id2 = <%=s2.getId()%><br />
response.encodeURL("/a")=<%=response.encodeURL("/a")%><br/>
</body>
</html>
I mean that i get the new id encoded to the url.
Does it work for you? Maybe you should switch for a newer Tomcat?
--
Best regards,
Anthony mailto:[EMAIL PROTECTED]
___________________________________________________________________________
To unsubscribe, send email to [EMAIL PROTECTED] and include in the body
of the message "signoff SERVLET-INTEREST".
Archives: http://archives.java.sun.com/archives/servlet-interest.html
Resources: http://java.sun.com/products/servlet/external-resources.html
LISTSERV Help: http://www.lsoft.com/manuals/user/user.html
