Hans Bergsten wrote:
>
> The spec may not be explicit enough about this, but the session object
> you get back from the getSession() object is a container-managed object
> that the application is not supposed/allowed to keep long-lived
> references
> to. It's the same as with all other container-objects made available to
> the
> application; request, response, JSP tag handlers, etc.
>
I would have agreed with you before I read the
following in the 2.3PFD spec:
7.3 Session Scope
HttpSession objects must be scoped at the
application / servlet context level. The
underlying mechanism, such as the cookie
used to establish the session, can be shared
between contexts, but the object exposed, and
more importantly the attributes in that object,
must not be shared between contexts.
By mentioning that the HttpSession object cannot
be shared outside the ServletContext, it strongly
implies that it can be shared within the context.
If that sort of thing isn't allowed, then 7.3 might
need to be clarified.
-cks
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]