hi, see Kesav Kumar's answer 7:49pm to learn something.
----- Original Message -----
Sent: Thursday, November 22, 2001 6:15 PM
Subject: Re: HttpSession creation

   Hello.
   Trying to stop a session from being created is not valid.
   Sessions are not user-dependent. Sessions are a handshake between a server and a client. You should have thought another way to do that. Maybe check if the user HAS authenticated.
 
   .getSession() and .getSession(boolean) methods are to get access to the session, not to create the session. Creation is left to the App server.
   What happens is, that when a client contacts your Server the session IS created. That's it.
   Forget the option to disable that. It has no sense.
   If you REALLY need to do that... Use "session.invalidate()" every time you see that the user has not logged. That way a session will be recreated every time the client connects.
 
 
   Lachezar.
 
   P.S. Sessions are good to store info in them. But user management should NOT be connected with it.
 
 
hi,
 
i'm trying to ensure that the only time a session is created is after a successful user login.
 
is there any other way apart from HttpServletRequest.getSession( ), or HttpServletRequest.getSession( boolean create) that a HttpSession can be created?
 
i've trawled through the J2EE API but haven't seen any other methods that might create a session -- was just wondering if there was some sort of side-effect way, say, if you redirect a request or pass a request through a filter chain or something???
 
thanks,
greg.
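
Greg's goal above (no session until a successful login), as an added example that is not part of the original thread: a filter that only looks up an existing session with `getSession(false)`, and a login servlet that is the single place calling `getSession(true)`. The class names, the `/login` path, the `user` attribute and the `checkCredentials` method are assumptions made for illustration.

```java
import java.io.IOException;
import javax.servlet.*;
import javax.servlet.http.*;

// Added example; class names, "/login" and the "user" attribute are assumptions.
class AuthFilter implements Filter {
    public void init(FilterConfig cfg) {}
    public void destroy() {}

    public void doFilter(ServletRequest rq, ServletResponse rs, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest req = (HttpServletRequest) rq;
        HttpServletResponse res = (HttpServletResponse) rs;
        // getSession(false) returns the existing session or null;
        // it never creates one.
        HttpSession s = req.getSession(false);
        boolean loggedIn = s != null && s.getAttribute("user") != null;
        if (loggedIn || "/login".equals(req.getServletPath())) {
            chain.doFilter(rq, rs);
        } else {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        }
    }
}

abstract class LoginServlet extends HttpServlet {
    // Hypothetical hook: the application supplies its own credential check.
    protected abstract boolean checkCredentials(String user, String password);

    protected void doPost(HttpServletRequest req, HttpServletResponse res)
            throws IOException {
        String user = req.getParameter("user");
        if (!checkCredentials(user, req.getParameter("password"))) {
            res.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Discard any session that existed before authentication so the
        // logged-in session gets a fresh id.
        HttpSession old = req.getSession(false);
        if (old != null) {
            old.invalidate();
        }
        // The only call in the application that creates a session.
        req.getSession(true).setAttribute("user", user);
        res.sendRedirect(req.getContextPath() + "/");
    }
}
```

On the side-effect question: a JSP page takes part in a session by default, so a page reached before login needs `<%@ page session="false" %>` to avoid creating one.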
