Quoting Nicolas De Loof <[EMAIL PROTECTED]>: > I've made a grep on Struts 1.1 sources. I noticed some case where a session > is created that seems to me 'uncontroled' : > > > RequestProcessor uses request.getSession() : > - in processLocale if controller is configured to use Locale (default = > true) > > HTMLTag uses request.getSession() : > - in currentLocale() : if any JSP uses <html:html> a session is created ! > > o.a.s.validator.Ressouces uses request.getSession() : > - in getLocale(request) : If validator is used (for example to validate login > page) a session will allways be created > > > Isn't they're any way NOT to create a session for a user that hasn't been > authentified ? > > Nico. >
Besides the places where Struts itself creates a session, if you're using JSP you should be aware that every JSP page will create a session unless you tell it not to: <%@ page session="false" %> Craig --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]