http://issues.apache.org/bugzilla/show_bug.cgi?id=28709

javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid() returns true for an invalidated session!

------- Additional Comments From [EMAIL PROTECTED] 2004-06-08 16:19 -------

SRV.7.3 (from Version 2.4) says:

... To illustrate this requirement with an example: if a servlet uses the RequestDispatcher to call a servlet in another Web application, any sessions created for and visible to the servlet being called must be different from those visible to the calling servlet.

By the way, the spec does not distinguish at this point between a named request dispatcher and a regular one.

What exactly do you mean by saying "you're going to interact with the session from the first context, which is a problem"?

Doesn't the spec cover the request wrapper in a manner consistent with SRV.7.3?