DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=28709>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=28709 javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid() returns true for an invalidated session! [EMAIL PROTECTED] changed: What |Removed |Added ---------------------------------------------------------------------------- Status|RESOLVED |REOPENED Resolution|INVALID | Version|5.0.16 |5.0.23 ------- Additional Comments From [EMAIL PROTECTED] 2004-05-17 11:40 ------- I still think there is a bug in Tomcat 5.x. BTW I wrote two test web-applications, which will reproduce the problem for you. I have attached code for you. Please take a look at the readme for some instructions about installation and execution. Here some comments about the generell idea of the test: Servlet 1 includes Servlet2 in a cross context environment. It gets a dispatcher by "coServletContext.getRequestDispatcher(coServletPath)". Servlet2 gets a new session on the first request and invalidates this session by "httpSession.invalidate()" and tests the invalidation by "httpServletRequestWrapper.isRequestedSessionIdValid()" on the second request. "isRequestedSessionIdValid()" returns "true" instead of "false", which is a bug from my point of view. What do you think? Thank you in advance for your help. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
