David Vandegrift <[EMAIL PROTECTED]> writes:
> To get HttpSession.invalidate() to work, I modified my Turbine.java by
> adding the following try/catch block around data.getSession().removeValue()
> in the doGet() method.
>
> Does anyone see any potential problems with doing this?
> It seems harmless to me.
>
> Without this one cannot invalidate an HttpSession which is important when
> using Container Managed security (logging out for example).
>
> Thanks,
> David
>
>
> --------cut from doGet() ------------------
>
> // If a module has set data.acl = null, remove acl from
> // the session.
> if ( data.getACL() == null )
> {
> try <--- new try/catch block
> {
> data.getSession().removeValue(
> AccessControlList.SESSION_KEY);
> }
> catch (IllegalStateException e) { } // do nothing, it's gone
> }
Huh. What container are you using?
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
