Diging for another problem in the source code I found the following piece
of code that is called on
org.apache.openejb.server.httpd.HttpResponseImpl.writeMessage(...) - so
pretty much on any response for the OpenEJBHttpServer:
/** closes the message sent to the browser
*/
private void closeMessage() {
setContentLengthHeader();
setCookieHeader();
}
private void setCookieHeader() {
if (request == null || request.getSession() == null) return;
HttpSession session = request.getSession(false);
if (session == null) return;
<= the session will never be null here because you are calling
request.getSession(true) implicitly in line 1 of setCookieHeader() which
will create a session if there is none. This will in the end mean that
every request hitting the appserver will create a session even if it doesnt
require one ...
I am wondering if this is really on purpose or if this is a bug that needs
to be posted ... I found this in trunk and in version 1.5.2
Thanks
