Michael Jouravlev wrote:
Hi, I hope am I in the right mail-list with this question. I guess
that if I use Tomcat, then HttpRequest.isRequestedSessionIdFromURL()
is implemented by Tomcat.
I have a request, which contains *both* session ID in cookie *and*
session ID in the rewritten URL. isRequestedSessionIdFromCookie()
return true, but isRequestedSessionIdFromURL() returns false. It seems
that isRequestedSessionIdFromURL() should return true. Is this a bug?
Interesting question.
The Servlet 2.3 spec says:
"
public boolean isRequestedSessionIdFromURL()
Checks whether the requested session ID came in as part of the request URL.
Returns: true if the session ID came in as part of a URL; otherwise,
false"
I would interpret it this way: if the session id, which should be used
was extracted from the URL, then return true.
If however the cookie contains the same id and was checked first (which
is default I think) then the requested session id came from the cookie!
Imagine what would happen if always both would be checked and URL and
cookie would contain 2 different ids.
Christoph
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
