This content has been marked as final.
Show 3 replies
-
1. Re: Null HttpSession using JAAS
jaikiran Oct 18, 2006 1:22 AM (in response to bjornn)Why are you using request.getSession(false)? Instead why not use the overloaded method request.getSession() which:
Returns the current session associated with this request, or if the request does not have a session, creates one.
Here's the API reference:
http://java.sun.com/j2ee/sdk_1.3/techdocs/api/javax/servlet/http/HttpServletRequest.html#getSession() -
2. Re: Null HttpSession using JAAS
bjornn Oct 18, 2006 8:05 AM (in response to bjornn)Hi jakiran,
I'm not using request.getSession() because in the case of my logout page invalidate de session, the filter would create a new one and the user would stay logged in. -
3. Re: Null HttpSession using JAAS
jaikiran Oct 18, 2006 8:13 AM (in response to bjornn)"bjornn" wrote:
in the case of my logout page invalidate de session, the filter would create a new one and the user would stay logged in.
How would that happen? Your filter will be invoked before the control is forwarded to the logout page. The logout page can then use this session(created in the filter) to invoke the invalidate method.