Guenther Wieser wrote:
> Hi!
>
> I found out that if I call HttpServletRequest.getSession(true), a new
> session is created!
> In the JSDK docs HttpServletRequest.getSession(boolean) is definied that
> if true is given a new session will be created if and only if no session
> is available.
> Is this a bug or a feature, which means: Do I understand the use of the
> boolean var correct or not and so jserv has a bug?
>
My experience has been that Apache JServ correctly follows the servlet API
requirements as to when a new session is created. In fact, I use sessions
(among other things) for exactly the scenario you describe -- checking to
see if the user has logged in yet, and redirecting them to a login page if
not. The issue for you might be in how the session identifier is sent back
and forth between the server and your browser.
First, I am assuming that you are executing the getSession(true) call on a
request AFTER the one in which the session was created, right? The servlet
API says that a session isn't available until the client acknowledges that
it wants to participage, and that cannot happen until it returns the
session identifier in a subsequent request.
Second, the servlet API defines two mechanisms by which session identifiers
can be passed back and forth -- via cookies, or via URL rewriting. If you
have cookies enabled on your browser, this is pretty transparent. If you
do not then your servlet *must* use the HttpServletResponse.encodeUrl()
method around every hyperlink in the dynamically generated HTML that points
back at this server. This method will add the session identifier to the
URL in some servlet engine specific manner (Apache JServ adds a query
parameter). So, do you have cookies enabled, or (if not) are you using URL
rewriting?
If neither of these thoughts helps, please post some more details about
your environment and configuration files. In particular, it might be
useful to turn on some or all of the debug trace logging facilities to help
determine exactly what is happening.
Craig McClanahan
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html/>
Problems?: [EMAIL PROTECTED]
