Jim Gallacher wrote .. > I think the automatic session unlock needs to stay. It's just too easy > for the user to forget a manual unlock, deadlock the session and hose > their server in very short order.
What though is the consequence of the session lock not being reacquired. Ie., what happens if someone wants to modify the session object and save it after internal redirect returns. You might save a deadlock by unlocking the session object, but does it screw up the case of existing code where session is modified and saved after internal redirect returns. Am still for leaving things how they are in this respect, we know the issues involved and probably just need to beef up the documentation with big warnings so that people are aware of the internal redirect caveat. Graham
