JSPs are designed to create sessions automatically - unless you explicitly tell them NOT to.
Hence, calling <%= request.getSession(false)%> Will always get you a session. There is a JSP directive you need to use which will prevent your JSP from creating a session. I'm sure you can find the directive. Regards Harry > Hello All, > > I'm a little confused about the creation of new sessions. I have a > webapp running (Tomcat 5.0.19), and I can see from a SessionListener > that the session is timed out - Session destroyed, all attributes > removed. So far, so good. But when a subsequent request is made like > the following excerpt from a JSP page: > > <%= request.getSession(false)%> > > I would have expected to get null as the response, instead I get a > non-null session object (e.g. > [EMAIL PROTECTED]) and the > SessionListener reports that a new session was indeed created at the > time of the JSP request. > > So, it seems to me that a session is always created when the > getSession() method is called regardless of the boolean parameter. > > Can someone clarify for me? > > Thanks! > > > > -- john > > ===================================================== > John Cartwright > Associate Scientist > Geospatial Data Services Group > CIRES, National Geophysical Data Center/NOAA > (303) 497-6284 > [EMAIL PROTECTED] > ===================================================== --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]