https://bz.apache.org/bugzilla/show_bug.cgi?id=64713
--- Comment #2 from Robert Rodewald <robert.rodew...@kopsis.com> ---
I suppose you meant:
Boolean.TRUE.equals(map.get("javax.servlet.http.registerSession")) ?
This solves the problem of the false value being interpreted as true, but
remains somewhat inflexible if you don't (really don't) want any caching as the
register-Method with the 6 parameters (as opposed to that with 8) uses the
valve configuration to determine the values for alwaysUseSession and cache.
What I was trying to achieve was (3 cases):
1. javax.servlet.http.registerSession set to TRUE -> do caching and always
create session (OK)
2. javax.servlet.http.registerSession NOT set -> use valve config for cache and
alwaysUseSession (OK)
AND
3. javax.servlet.http.registerSession set to FALSE -> don't do caching and use
config of valve for alwaysUseSession (MISSING)
The third option is important in my opinion. I'm thinking of Bearer
authentication. As soon as you don't send the token you should not be
authenticated any more (you would now be because of cached value in the
session).
I will try to produce the patch. Will be my first time but I'll do my best.
--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
