Thanks for your suggestions!
If I use getSession(false) in every servlet that is not the first to be
accessed by the user, everything works fine. That also means that in my
test scenario cookies are enabled (I can watch that when using lynx hich
asks for allowing every cookie by default or if I tell Netscape to ask
for allowing cookies).
Using lynx brought me to the idea to use getSession(false) because I
noticed that every time I acces a servlet a cookie is set.
Hm, started the Java Web Server demo 1.1.3, and OHH! everything worked
fine with getSession(true) without any code changes!
"Craig R. McClanahan" wrote:
>
> Guenther Wieser wrote:
>
> > Hi!
> >
> > I found out that if I call HttpServletRequest.getSession(true), a new
> > session is created!
> > In the JSDK docs HttpServletRequest.getSession(boolean) is definied that
> > if true is given a new session will be created if and only if no session
> > is available.
> > Is this a bug or a feature, which means: Do I understand the use of the
> > boolean var correct or not and so jserv has a bug?
> >
>
> My experience has been that Apache JServ correctly follows the servlet API
> requirements as to when a new session is created. In fact, I use sessions
> (among other things) for exactly the scenario you describe -- checking to
> see if the user has logged in yet, and redirecting them to a login page if
> not. The issue for you might be in how the session identifier is sent back
> and forth between the server and your browser.
>
> First, I am assuming that you are executing the getSession(true) call on a
> request AFTER the one in which the session was created, right? The servlet
> API says that a session isn't available until the client acknowledges that
> it wants to participage, and that cannot happen until it returns the
> session identifier in a subsequent request.
>
> Second, the servlet API defines two mechanisms by which session identifiers
> can be passed back and forth -- via cookies, or via URL rewriting. If you
> have cookies enabled on your browser, this is pretty transparent. If you
> do not then your servlet *must* use the HttpServletResponse.encodeUrl()
> method around every hyperlink in the dynamically generated HTML that points
> back at this server. This method will add the session identifier to the
> URL in some servlet engine specific manner (Apache JServ adds a query
> parameter). So, do you have cookies enabled, or (if not) are you using URL
> rewriting?
>
> If neither of these thoughts helps, please post some more details about
> your environment and configuration files. In particular, it might be
> useful to turn on some or all of the debug trace logging facilities to help
> determine exactly what is happening.
>
> Craig McClanahan
>
> ----------------------------------------------------------------
> To subscribe: [EMAIL PROTECTED]
> To unsubscribe: [EMAIL PROTECTED]
> Archives and Other: <http://java.apache.org/main/mail.html/>
> Problems?: [EMAIL PROTECTED]
--
Guenther Wieser
creative-it/Guenther Wieser Software KEG
Student of Telematik at Graz University of Technology
http://www.creative-it.com mailto:[EMAIL PROTECTED]
-> In A World Without Walls And Fences, Who Needs Windows And Gates? <-
----------------------------------------------------------------
To subscribe: [EMAIL PROTECTED]
To unsubscribe: [EMAIL PROTECTED]
Archives and Other: <http://java.apache.org/main/mail.html/>
Problems?: [EMAIL PROTECTED]
