All, Please see http://markmail.org/thread/x4yjs62jxe4q3ns3 for reference.
I'm writing a Valve that can basically scuttle a session cookie under certain circumstances. My first implementation just had JSESSIONID as the cookie name, and I was using request.getContextPath() as the cookie path. When I went back to improve it, I changed the cookie name to a class variable that was configurable. When I was writing my documentation, it occurred to me that I might be able to inspect Tomcat's configuration to determine the cookie name and path instead of having the user configure them in the Valve itself... users /are/ configuring that stuff elsewhere already -- why make them do it twice? So it looks like I have three choices: 1. Use manual configuration. This is what I'm trying to avoid. 2. Use request.getServletContext().getSessionCookieConfig().* 3. Use request.getContext().getSessionCookie* #2 would not be back-portable past Tomcat 7. Is there an appreciable difference between #2 and #3? Is there a preference either way? I'm kind of inclined to target #2 because it uses the servlet API and provides a better example that could be used perhaps outside of a Valve. Any thoughts? I think I might still have to use request.getContext().getSessionCookiePathUsesTrailingSlash() because that does not seem to be available in the servlet API's SessionCookieConfig object. Thanks, -chris
signature.asc
Description: OpenPGP digital signature
