Hi, The behavior you're seeing is consistent with the servlet specification. If a client chooses not to join a session (which the page session="false" directive indicates), the container may still create sessions for the client, just that it will be a new session each time, with a new ID and empty attributes. This is in the Servlet Spec but summarized nicely in the 2nd to last paragraph of the HttpSession class JavaDoc.
Yoav Shapira Millennium Research Informatics >-----Original Message----- >From: Frank Zammetti [mailto:[EMAIL PROTECTED] >Sent: Wednesday, June 16, 2004 10:36 AM >To: [EMAIL PROTECTED] >Subject: Vexing session creation issue > >I sent this to the Struts mailing list as well, but it seems like it could >be a Tomcat issue as well (probably just some config option I don't know >about)... > >Argh, this one is hurting my head... > >I have an application that starts out by returning index.jsp (it's the >welcome file). This JSP opens a new window via JavaScript and loads into >it >index1.jsp. index1.jsp populates five frames of a frameset. At the end of >all this, my logon screen is seen. > >The important thing to note here is that no Actions are executed to this >point, it's just loading JSP's, and there is not really any JSP code in any >of these except for a bunch of request.getContextPath() calls. No code >accesses session or anything like that, and there are only two references >to >getting anything out of request (because the logon page might be shown >after >a bad attempt, and I need to get the userID and password that was >attempted). In all of them, I have session="false" in the page tag. > >Now... I've created a SessionListener to tell me when a session is created >or destroyed. Problem is, during all these JSP loads, the create event >fires TWICE! What's worse, session is NOT null (which I expected it to >be), >and worse still, I'm getting two DIFFERENT session ID's! It looks like two >sessions are being created when it seems like absolutely NONE should be. > >I'm banging my head against the wall with this one. Anyone have any ideas? >Thanks folks! > >Frank > >_________________________________________________________________ >MSN 9 Dial-up Internet Access fights spam and pop-ups - now 3 months FREE! >http://join.msn.click-url.com/go/onm00200361ave/direct/01/ > > >--------------------------------------------------------------------- >To unsubscribe, e-mail: [EMAIL PROTECTED] >For additional commands, e-mail: [EMAIL PROTECTED] This e-mail, including any attachments, is a confidential business communication, and may contain information that is confidential, proprietary and/or privileged. This e-mail is intended only for the individual(s) to whom it is addressed, and may not be saved, copied, printed, disclosed or used by anyone else. If you are not the(an) intended recipient, please immediately delete this e-mail from your computer system and notify the sender. Thank you. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
