Tamás, I've encountered the same problem and approached it in a slightly different way. Basically, I created my own implementation of SessionManager and Session that are backed only by the HttpServletRequest. Each session's lifecycle is tied to the request.
I'd also be interested in criticism of this approach, or if anyone is interested in seeing the code I'd be happy to share it. Thanks, Jared
signature.asc
Description: OpenPGP digital signature
