On Fri, 13 Dec 2002, Jeff Wishnie wrote:
> Date: Fri, 13 Dec 2002 17:35:18 -0800 > From: Jeff Wishnie <[EMAIL PROTECTED]> > Reply-To: Tomcat Users List <[EMAIL PROTECTED]> > To: Tomcat Users List <[EMAIL PROTECTED]> > Subject: HttpSessionListern BUG in 4.1.12 ! ?! > > It appears the session object in the SessionEvent passed into >HttpSessionListener.sessionCreated and > HttpSessionListener.sessionDestroyed is the session _facade_ >org.apache.catalina.session.StandardSessionFacade > > But the one passed into HttpSessionAttributeListener is the actual session object >(StandardSession)--which makes it very hard to do > identity tests between the sessions passed into the two sets of interfaces.... > > Is this a known bug??? > > I assume the proper implementation is for the container to always pass > in the StandardSession and _not_ the facade. Is this correct? > Actually, it would be the other way around -- the facade should always be passed. The reason for having a facade is to prevent webapps from using Java reflection to access internals of the container's implemewntation objects. As another responder points out, trying to use object identity for your scenario isn't going to be portable (even to different versions of a container where it might work the first time) -- match on session id instead. > - jeff Craig -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
