https://bz.apache.org/bugzilla/show_bug.cgi?id=65853

--- Comment #19 from Marvin Fröhlich <apa...@froehlich-mail.net> ---
(In reply to Mark Thomas from comment #18)
> So in your code the call to getNonceCache() will create a cache instance if
> none is found? That doesn't seem quite right. I'd expect that method to
> return null if the cache doesn't exist rather than create a new instance.

Well, the reason for many of the extensions is that we need to distinguish
between window contexts. The session is the same, but the request might come
from another window (popup). Without this distinction the nonce chain will get
broken once a popup is opened for a session. And this needs special treatment
(separate nonce caches). Actually, I think this feature is missing in your
implementation.

(In reply to Mark Thomas from comment #18)
> I've refactored things a bit more so getNonceCache() is only called when
> necessary. Let me know what you think.

Yes, this looks fine. Thanks.
