David Vandegrift <[EMAIL PROTECTED]> writes:
> I haven't tried it yet but how about using the following?
>
> // Note: req is the HttpServletRequest param from doGet()
> if ( (data.getACL() == null) && (req.getSession(false) != null) )
> {
> data.getSession().removeValue(AccessControlList.SESSION_KEY);
> }
>
> Servlet 2.0 API:
> public abstract HttpSession getSession(boolean create)
> Description:
> Returns the current session associated with the user making the request. If
> the user has no current valid session, this method creates one if 'create'
> is true or returns null if 'create' is false.
>
> It gets rid of the try/catch block if that's what you prefer.
>
> Although, I was just wondering if there could be a multi-thread issue. What
> if the session is invalidated inbetween calls to the req.getSession(false)
> and the removeValue() statements?
> A try/catch block would definately work appropriately. But without a
> try/catch block removeValue() might throw the IllegalStateException in some
> rare instance.
> So perhaps, the try/catch block is a cleaner solution.(?)
David, thanks for the addition suggestions and discussion. I'm going
to let things lie as is (especially seeing as how I've already made
several changes of the try/catch variety ;).
- Dan
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
