Summary: | request.getSession(false) fails to return null. | ||
---|---|---|---|
Product: | Tomcat 5 | Reporter: | blumm |
Component: | Catalina | Assignee: | Tomcat Developers Mailing List <dev> |
Status: | CLOSED FIXED | ||
Severity: | major | ||
Priority: | P2 | ||
Version: | 5.5.6 | ||
Target Milestone: | --- | ||
Hardware: | PC | ||
OS: | Linux |
Description
blumm
2004-12-23 16:28:21 UTC
Please do not reopen this report. If you disagree with my resolution, please bring this forward to the servlet specification, and persuade them to make the necessary specification changes. BTW, I disagree with what you point out. What you want is actually a shared session across all contexts. Again, this is a blatant misconception on the part of the portlet specification and its design, since all the servlet specification ever said was that a separate session object would be returned for each context, with no further precisions. I believe this bug has been valid: If the session in the foreign context has been invalidated, it must not be returned. A comment in the code actually stated that the current session be returned "if it exists and is valid", but the isValid() check on the session was missing, and is being added by this commit. Also, a session is now created in the foreign context only if 'create' is TRUE. |