| From | Sent On | Attachments |
|---|---|---|
| aps olute | Dec 13, 2002 9:25 am | |
| Jacob Kjome | Dec 13, 2002 9:40 am | |
| aps olute | Dec 13, 2002 5:16 pm | |
| Jeff Wishnie | Dec 13, 2002 5:34 pm | |
| aps olute | Dec 13, 2002 5:39 pm | |
| Noel J. Bergman | Dec 13, 2002 7:00 pm | |
| Craig R. McClanahan | Dec 14, 2002 3:26 pm | |
| Subject: | Re: HttpSessionListern BUG in 4.1.12 ! ?! | |
|---|---|---|
| From: | Craig R. McClanahan (crai...@apache.org) | |
| Date: | Dec 14, 2002 3:26:53 pm | |
| List: | org.apache.tomcat.users | |
On Fri, 13 Dec 2002, Jeff Wishnie wrote:
Date: Fri, 13 Dec 2002 17:35:18 -0800
From: Jeff Wishnie <je...@deluxebiz.com>
Reply-To: Tomcat Users List <tomc...@jakarta.apache.org>
To: Tomcat Users List <tomc...@jakarta.apache.org>
Subject: HttpSessionListern BUG in 4.1.12 ! ?!
It appears the session object in the SessionEvent passed into
HttpSessionListener.sessionCreated and
HttpSessionListener.sessionDestroyed is the session _facade_
org.apache.catalina.session.StandardSessionFacade
But the one passed into HttpSessionAttributeListener is the actual session
object (StandardSession)--which makes it very hard to do
identity tests between the sessions passed into the two sets of interfaces....
Is this a known bug???
I assume the proper implementation is for the container to always pass in the StandardSession and _not_ the facade. Is this correct?
Actually, it would be the other way around -- the facade should always be passed. The reason for having a facade is to prevent webapps from using Java reflection to access internals of the container's implementation objects.
As another responder points out, trying to use object identity for your scenario isn't going to be portable (even to different versions of a container where it might work the first time) -- match on session id instead.
- jeff
Craig
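
Matching on session id across the two listener interfaces, as the reply above recommends, could look like the following. This is an added example, not code from the thread or from Tomcat: the class name `SessionTracker` and its attribute-count bookkeeping are hypothetical, and it assumes the `javax.servlet` API on Java 8 or later.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionAttributeListener;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;

// Hypothetical listener; register it with a <listener> element in web.xml.
public class SessionTracker implements HttpSessionListener, HttpSessionAttributeListener {

    // Keyed by session id, never by object reference: the container may hand
    // each callback a different wrapper (facade or internal object) for one session.
    private final Map<String, Integer> attributeCounts = new ConcurrentHashMap<>();

    @Override
    public void sessionCreated(HttpSessionEvent se) {
        attributeCounts.put(se.getSession().getId(), 0);
    }

    @Override
    public void sessionDestroyed(HttpSessionEvent se) {
        attributeCounts.remove(se.getSession().getId());
    }

    @Override
    public void attributeAdded(HttpSessionBindingEvent event) {
        // computeIfPresent ignores events for sessions not (or no longer) tracked.
        attributeCounts.computeIfPresent(event.getSession().getId(), (id, n) -> n + 1);
    }

    @Override
    public void attributeRemoved(HttpSessionBindingEvent event) {
        attributeCounts.computeIfPresent(event.getSession().getId(), (id, n) -> Math.max(0, n - 1));
    }

    @Override
    public void attributeReplaced(HttpSessionBindingEvent event) {
        // A replacement leaves the number of attributes unchanged.
    }

    /** True when both references denote the same session, whatever object wraps it. */
    public static boolean sameSession(HttpSession a, HttpSession b) {
        return a != null && b != null && a.getId().equals(b.getId());
    }

    /** Current attribute count for a session id, or null if the session is not tracked. */
    public Integer attributeCount(String sessionId) { return attributeCounts.get(sessionId); }
}
```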





