It is likely created for reasons of security. Consider this scenario:

1. User accesses app without encryption, gets a session
2. Thief is watching traffic and grabs their jsessionid
3. User logs into app via encrypted connection
4. Hacker now has access to logged-in session via the jsessionid he grabbed earlier

To combat this scenario, the container will create a new session when the user authenticates. Presumably, this new sessionid will never be sent over the network without encryption, so the logged-in session is "safe".

So, I realize that doesn't solve your issue at all, but I think that is why you are seeing two sessions per user (rather than just one).

-Max

On Wed, 2005-12-07 at 11:36 -0700, Baker, Russ A wrote:
> So then where is that straggler session coming from?
>
> -----Original Message-----
> From: Dave Newton [mailto:[EMAIL PROTECTED]
> Sent: Wednesday, December 07, 2005 11:34 AM
> To: Struts Users Mailing List
> Subject: Re: Session problem
>
> Baker, Russ A wrote:
>
> >A session is created by virtue of them just getting to the login page.
> >If the user logs in successfully to the system they now have 2 sessions
> >instead of the desired result of having only one that is assigned to them
> >when they successfully log in. That is a waste of memory!
>
> Two sessions? I don't know what you mean by that. A user has a single
> session. Even if they _did_ have two, once one was no longer being
> referenced it would (probably) be GC'd anyway.
>
> Dave

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
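
The behaviour described in the reply above (a new session issued at authentication, so a jsessionid captured before login no longer maps to a logged-in session) can also be done explicitly in application code. The following is an added example, not code from this thread, Struts, or any container; it uses the standard `javax.servlet` API (Servlet 3.0 or later assumed), and the class name `SessionRotation`, the method `rotateOnLogin` and the attribute name `authenticatedUser` are hypothetical.

```java
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Added example: hypothetical helper, not part of Struts or any container. */
public final class SessionRotation {

    private SessionRotation() {}

    /**
     * Call only after the credentials have been verified. Discards the
     * session (and session id) issued before login and binds the user
     * to a fresh one, so only one session per user stays alive.
     */
    public static HttpSession rotateOnLogin(HttpServletRequest request, String username) {
        Map<String, Object> carried = new HashMap<>();

        // getSession(false) returns null instead of creating a session.
        HttpSession old = request.getSession(false);
        if (old != null) {
            // Keep pre-login state, e.g. the page the user originally asked for.
            for (String name : Collections.list(old.getAttributeNames())) {
                carried.put(name, old.getAttribute(name));
            }
            // The old id stops resolving to a session, so a copy of it
            // captured on the unencrypted connection is useless, and the
            // pre-login session no longer occupies memory.
            old.invalidate();
        }

        // After invalidate(), getSession(true) creates a session with a new id.
        HttpSession fresh = request.getSession(true);
        for (Map.Entry<String, Object> e : carried.entrySet()) {
            fresh.setAttribute(e.getKey(), e.getValue());
        }
        // "authenticatedUser" is an assumed attribute name for this example.
        fresh.setAttribute("authenticatedUser", username);
        return fresh;
    }
}
```

On Servlet 3.1 and later, `request.changeSessionId()` changes the id of the current session while keeping its attributes, which replaces the copy-and-invalidate steps.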