-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 Markus,
Markus Reis wrote: > I [set up a filter that emits stack traces] and finally found the > problematic code (of course in the web application - in doGet/doPost > of NewSessionServlet - and not in Tomcat/JBoss): > > [snip] > > while (params.hasMoreElements()) { > String key = params.nextElement(); > if (!request.getParameter(key).equals(ddto.get(key))) > request.getSession().invalidate(); > ddto.set(key, request.getParameter(key)); > } > request.getSession().setAttribute(NEW_SESSION_LAST_DTO, ddto); > > [snip] > > This is complete non-sense of course. :) > My only apology to you is that I have not written this code and that > I did not know of it's existence :-). Still I'd like to say thank you for > your great help and valuable comments. No problem. Just make sure you remember how you tracked-down this problem so you can add this technique to your mental toolbox. > One last question: I'm not sure whether it is good to call > session.invalidate() in a doPost/doGet method of a HttpServlet? Could > this have negative/problematic side-effects or is this OK? I'm not sure where else you would call session.invalidate(). Sure, you could put it into a separate method, but your servlet pretty much always has to have doPost or doGet called by the container. There's no reason to fear invalidating a session. - -chris -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.9 (MingW32) Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org iEYEARECAAYFAkkdnPgACgkQ9CaO5/Lv0PB5FACfYbHM0ntpTOR2tmZpMxhUaOq2 Va4AoKg5iecm8u6Ll1b3XduUZ6StKqpT =cJfW -----END PGP SIGNATURE----- --------------------------------------------------------------------- To start a new topic, e-mail: users@tomcat.apache.org To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]