-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1
Markus,
Markus Reis wrote:
> I [set up a filter that emits stack traces] and finally found the
> problematic code (of course in the web application - in doGet/doPost
> of NewSessionServlet - and not in Tomcat/JBoss):
>
> [snip]
>
> while (params.hasMoreElements()) {
> String key = params.nextElement();
> if (!request.getParameter(key).equals(ddto.get(key)))
> request.getSession().invalidate();
> ddto.set(key, request.getParameter(key));
> }
> request.getSession().setAttribute(NEW_SESSION_LAST_DTO, ddto);
>
> [snip]
>
> This is complete non-sense of course.
:)
> My only apology to you is that I have not written this code and that
> I did not know of it's existence :-). Still I'd like to say thank you for
> your great help and valuable comments.
No problem. Just make sure you remember how you tracked-down this
problem so you can add this technique to your mental toolbox.
> One last question: I'm not sure whether it is good to call
> session.invalidate() in a doPost/doGet method of a HttpServlet? Could
> this have negative/problematic side-effects or is this OK?
I'm not sure where else you would call session.invalidate(). Sure, you
could put it into a separate method, but your servlet pretty much always
has to have doPost or doGet called by the container. There's no reason
to fear invalidating a session.
- -chris
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.9 (MingW32)
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iEYEARECAAYFAkkdnPgACgkQ9CaO5/Lv0PB5FACfYbHM0ntpTOR2tmZpMxhUaOq2
Va4AoKg5iecm8u6Ll1b3XduUZ6StKqpT
=cJfW
-----END PGP SIGNATURE-----
---------------------------------------------------------------------
To start a new topic, e-mail: users@tomcat.apache.org
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
