Markus, >>>> If the session is mandatory, I recommend changing: >>>> >>>> request.getSession(false) >>>> to >>>> request.getSession(true) >>> Thanks for your quick answer. The problem I want to solve is only to >>> create a session if it is really needed, so #redirectToURLWithSID is a >>> little bit more complicated that this. >> What is your definition of "is really needed"? I would say that NOT >> having a session is a good indication that you SHOULD create one. Am I >> missing the point? > > Not having a session results in not sending cookies nor sids and thats what > I want, at least for pages where it isn't needed.
Some part of your logic is missing: you do not have a case where it is known that you MUST create a session. Therefore, you never create a session. Your code tries and tries again (redirecting continuously) but never creates a session because you are not handling the case where you want to create one. You must create a session at some point: you're just not doing it. -chris
signature.asc
Description: OpenPGP digital signature