See below: > -----Original Message----- > From: Tim Funk [mailto:[EMAIL PROTECTED]] > Sent: Wednesday, January 08, 2003 2:14 PM > To: Tomcat Users List > Subject: Re: Problem with invalidating a session
> Your code invalidates the session. getSession(true) is returning a > reference to session you just the invalidated. No it's a new session. (getId() returns a different value) If that would be the problem the exception would already be thrown in 'session.putValue("Test", "Test")', but it is thrown in PageContextImpl.getAttribute() (which part of the generated code for use bean) if the scope of the bean is session. The real problem is, that pageContext has still a reference the the invalidated session. > My main point is getSession(true) must return a HttpSession. There is > nothing in the spec that states if a session becomes invalidated > during the life of a request, that getSession(true) must return a > new session. Here you have a point. I have read this in an older spec: HttpSession getSession(boolean create) Gets the current valid session associated with this request... Note the additional word 'valid'. This lead me to the conclusion it would create a session after the current session is invalidated. As two implementations (tomcat and gnujsp) behave in that way I didn't look in the current servlet spec to verify that. So to be realy spec compliant I have to omit that solution :{. -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>