GitHub user kkolinko commented on the issue:
https://github.com/apache/tomcat/pull/76

1. Create an entry in Bugzilla and reference this PR, so that this is
correctly mentioned in change log.
http://tomcat.apache.org/bugreport.html

2. I do not mind this utility filter being added to Tomcat. It is small and
there might be uses for it.
It is the same as the default of "<%@page session="true"%>" in JSPs.

But I think that its use for WebSocket needs some additional explanation /
discussion, and maybe a different fix.

> "too late to initialize the HttpSession object"

The HttpSession is a tool that is used to share some information between
requests. It is only useful if there is a subsequent request from the same
client that is associated with the same session.

If the session is identified via a cookie (there are also different
configuration options), it means that the client should receive a Set-Cookie
header with an HTTP response and process it (in "101 Switching Protocols" HTTP
response).

I have not tested whether the Set-Cookie header in a "101 Switching
Protocols" response is recognized by actual clients.

> handshakeRequest.getHttpSession().getServletContext()

The above code is odd. You are not sharing some information, but are
accessing some static configuration object. There should be an easier way to
obtain a ServletContext. It is not what a session is needed for.