See below:
> -----Original Message-----
> From: Tim Funk [mailto:[EMAIL PROTECTED]]
> Sent: Wednesday, January 08, 2003 2:14 PM
> To: Tomcat Users List
> Subject: Re: Problem with invalidating a session
> Your code invalidates the session. getSession(true) is returning a
> reference to session you just the invalidated.
No it's a new session. (getId() returns a different value)
If that would be the problem the exception would already be
thrown in 'session.putValue("Test", "Test")', but it is thrown
in PageContextImpl.getAttribute() (which part of the generated
code for use bean) if the scope of the bean is session.
The real problem is, that pageContext has still a reference
the the invalidated session.
> My main point is getSession(true) must return a HttpSession. There is
> nothing in the spec that states if a session becomes invalidated
> during the life of a request, that getSession(true) must return a
> new session.
Here you have a point. I have read this in an older spec:
HttpSession getSession(boolean create)
Gets the current valid session associated with this request...
Note the additional word 'valid'. This lead me to the conclusion
it would create a session after the current session is invalidated.
As two implementations (tomcat and gnujsp) behave in that way I
didn't look in the current servlet spec to verify that.
So to be realy spec compliant I have to omit that solution :{.
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
