Michael,
getSession() is the same as getSession(true)
IIRC from the servlet spec, the behaviour is that only a new session is created if there is no valid existing session.
Exactly. It forces creation of new session if it is not there. And on the other hand, getSession(false) returns null if there is no session, and does not force session creation.
The boolean flag does not force the creation of a new one if a session exists already, you would have to invalidate the existing one first.
You missed the point. Usage of getSession() forces creation of new session, which means that module *will* create new session, despite the documentation which says otherwise:
<strong>NOTE:</strong> The module does not create a new session
So it is a bug.
Vadim
HTH Jorg
Michael Gerzabek wrote:
recently I found another bug in SessionModule. Though it say's explicitly it
doesn't create a new seesion on default it does exactly this. See the pasted
snapshots below.
from o.a.c.environment.Session (javax.servlet.http.HttpSession) Interface:
/**
*
* Returns the current session associated with this request,
* or if the request does not have a session, creates one.
*
* @return the <code>Session</code> associated
* with this request
*
* @see #getSession(boolean)
*
*/
Session getSession();
from o.a.c.components.module.input.SessionModule: /* ... * <strong>NOTE:</strong> The module does not create a new session. */
protected Object getContextObject(Configuration modeConf, Map objectModel) {
return ObjectModelHelper.getRequest(objectModel).getSession(); }
it should be return ObjectModelHelper.getRequest(objectModel).getSession( false );
Regards Michael
