> Or use the same trick
> 
> new Throwable("Oups").printStackTrace();
> 
> inside your listener to not just write out session creations and
> destroys, but the code stack at that moment. Above Wrapper is nicer,
> using the same trick in your existing listener is simpler and faster.

I did that and finally found the problematic code (of course in the web 
application - in doGet/doPost of NewSessionServlet - and not in Tomcat/JBoss):
[code]
   Enumeration<String> params = request.getParameterNames();
   DynamicDataTransferObject ddto = (DynamicDataTransferObject) request.getSession().getAttribute(NEW_SESSION_LAST_DTO);
   if (ddto == null)
      ddto = new DynamicDataTransferObject();
   while (params.hasMoreElements()) {
      String key = params.nextElement();
      if (!request.getParameter(key).equals(ddto.get(key))) 
         request.getSession().invalidate();
      ddto.set(key, request.getParameter(key));
   }
   request.getSession().setAttribute(NEW_SESSION_LAST_DTO, ddto);
[/code]

This code checks whether a complex object representing all input/request params 
has been resubmitted with exactly the same values and invalidates the session x 
times (where x is the number of different parameter values). This is also done 
when a completely new session exists (and the params are sent for the first 
time). This is complete nonsense of course.

My only apology to you is that I have not written this code and that I did not 
know of its existence :-). Still I'd like to say thank you for your great help 
and valuable comments.

I now changed the code to:
[code]
   Enumeration<String> params = request.getParameterNames();
   DynamicDataTransferObject ddto = (DynamicDataTransferObject) request.getSession().getAttribute(NEW_SESSION_LAST_DTO);
   // Values can only differ if an earlier call stored a DTO in this session
   boolean hadPreviousDto = (ddto != null);
   if (!hadPreviousDto)
      ddto = new DynamicDataTransferObject();
   boolean invalidateSession = false;
   while (params.hasMoreElements()) {
      String key = params.nextElement();
      if (hadPreviousDto && !request.getParameter(key).equals(ddto.get(key)))
         invalidateSession = true;
      // Record the values on the first call too, so the next call has something to compare with
      ddto.set(key, request.getParameter(key));
   }
   if (invalidateSession)
      request.getSession().invalidate();
   // getSession() creates a fresh session if the old one was just invalidated
   request.getSession().setAttribute(NEW_SESSION_LAST_DTO, ddto);
[/code]

Now session.invalidate() is called only once and only in the case where the 
client already called NewSessionServlet before in the existing browser session 
with different request parameter values.

One last question: I'm not sure whether it is good to call session.invalidate() 
in a doPost/doGet method of an HttpServlet? Could this have negative/problematic 
side-effects or is this OK?


many thanks & kind regards,
Markus
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
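
An added illustration, not code from the thread: the two invalidation patterns discussed in the message above, run against a constructed in-memory stand-in for the servlet session so that the invalidate() calls per request can be counted. Plain maps replace HttpSession and DynamicDataTransferObject, and the class and method names are assumptions made for this example.

```java
import java.util.*;
import java.util.function.Consumer;
@SuppressWarnings("unchecked")
public class InvalidateOnceDemo {
    // Constructed stand-in for the container: getSession() creates a session on demand.
    static Map<String, Object> session;
    static int created, invalidated;
    static Map<String, Object> getSession() {
        if (session == null) { session = new HashMap<>(); created++; }
        return session;
    }
    // Mirrors request.getSession().invalidate(): a session is created first if none exists.
    static void invalidate() { getSession(); session = null; invalidated++; }

    // Pattern of the first listing: invalidate inside the parameter loop.
    static void invalidateInLoop(Map<String, String> params) {
        Map<String, String> dto = (Map<String, String>) getSession().get("LAST");
        if (dto == null) dto = new HashMap<>();
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (!p.getValue().equals(dto.get(p.getKey()))) invalidate();
            dto.put(p.getKey(), p.getValue());
        }
        getSession().put("LAST", dto);
    }

    // Decide once: compare only with values from an earlier call, invalidate after the loop.
    static void invalidateOnce(Map<String, String> params) {
        Map<String, String> dto = (Map<String, String>) getSession().get("LAST");
        boolean hadPrevious = dto != null, changed = false;
        if (!hadPrevious) dto = new HashMap<>();
        for (Map.Entry<String, String> p : params.entrySet()) {
            if (hadPrevious && !p.getValue().equals(dto.get(p.getKey()))) changed = true;
            dto.put(p.getKey(), p.getValue());
        }
        if (changed) invalidate();
        getSession().put("LAST", dto);
    }
    static void run(String name, Consumer<Map<String, String>> handler) {
        session = null; created = 0;
        Map<String, String> first = Map.of("a", "1", "b", "2", "c", "3");
        // Constructed requests: first call, identical resubmit, one changed value.
        for (Map<String, String> call : List.of(first, first, Map.of("a", "1", "b", "9", "c", "3"))) {
            invalidated = 0;
            handler.accept(call);
            System.out.println(name + ": invalidate() calls in this request = " + invalidated);
        }
        System.out.println(name + ": sessions created in total = " + created);
    }
    public static void main(String[] args) {
        run("in-loop", InvalidateOnceDemo::invalidateInLoop);
        run("once", InvalidateOnceDemo::invalidateOnce);
    }
}
```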