I believe it's because they were trying to figure out whether they had a new session because the old one expired or because they just hit the site for the first time. In either case the session would be new.
On Fri, 2004-12-10 at 10:11, Phillip Qin wrote: > I am curious why people spent so much time trying to figure out whether > request.getSession(...) returns null or not but didn't bother using > request.getSession().isNew()? > > > > -----Original Message----- > From: Steve Kirk [mailto:[EMAIL PROTECTED] > Sent: December 9, 2004 4:36 PM > To: 'Tomcat Users List' > Subject: RE: How to detect expired session vs. no session? (Solved) > > > > By default: > > 1. getSession(true)!=null > > 2. getSession(false)!=null > > > > But if a JSP page contains the tag <%@ page session="false" %>, then: > > 1. getSession(true)!=null 2. getSession(false)==null > > In the last of these 4 cases, do you mean that the implicit JSP session > object returns null, or that request.getSession(false) returns null? I > could understand the first behaviour but would be surprised by the second. > The problem is that it implies that JSPs execute the code in a way that is > different than if it were included in a servlet, and given that JSPs are > servlets, this seems puzzling. Again, perhaps I'm not fully understanding > either your case, or the details of how sessions work. > > > For my case, sessions will only be created for logged-in > > users > > what is it about your case that makes this happen? I would have thought > that session creation is independent of whether you are authenticating or > not. Or is there a way to config TC to not create sessions by default, and > only create them when the user successfully authenticates? > > > > --------------------------------------------------------------------- > To unsubscribe, e-mail: [EMAIL PROTECTED] > For additional commands, e-mail: [EMAIL PROTECTED] > > > !DSPAM:41b8c52d300391826077954! --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]