jsr340-experts@servlet-spec.java.net

[jsr340-experts] Re: SERVLET_SPEC-13: Make session fixation protection part of the spec

From: Mark Thomas <markt_at_apache.org>
Date: Fri, 20 Jan 2012 11:47:48 +0000

On 19/01/2012 22:41, Alex Rojkov wrote:
>>>> On Tue, 2012-01-17 at 17:36 -0800, Shing Wai Chan wrote:
>> I notice one more difference: a String argument.
>> In Tomcat (and also GlassFish), we have
>> org.apache.catalina.connector.Request#changeSessionId(String newSessionId)
>
> In my opinion the session ids must be container managed. We can't rely on the users
> of the API to be able to generate good IDs. I am not in favour of letting users
> generate IDs.

Agreed. org.apache.catalina.connector.Request is an internal class and
could easily be refactored to not take the new session ID.

>> In other words, the caller of the API needs to know a newSessionId as follows:
>> a) javax.servlet.http.HttpServletRequest:
>> public void changeSessionId(String newSessionId);
>
> -1. See above.

Agreed. -1 to the API allowing the new ID to be specified.

> public void changeSessionId() is OK.
>
> public String changeSessionId() can be considered as alternative.
>
> It's likely that the new sessionId will be needed right after it's generated.

I have no issues with this proposed change.

Mark

>
> Alex
>
>>
>> Also, in previous bug comments and discussion, there is a suggestion to add a new method:
>> b) javax.servlet.http.HttpSessionListener
>> public void sessionIdChanged(HttpSessionEvent se);
>>
>> Note that (b) may break some of the user applications. Is it ok?
>>
>> Shing Wai Chan
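The following is an added example, not code from this thread, from Tomcat or from GlassFish. It shows how an application would use the container-managed variant the thread converges on: a login servlet that calls `changeSessionId()` with no argument at the moment of authentication (the session fixation defence under discussion) and uses the returned `String` straight away, as Alex anticipates. It assumes the `public String changeSessionId()` form on `HttpServletRequest` and a separate `HttpSessionIdListener` interface, which is how Servlet 3.1 eventually defined them (the separate interface avoids the compatibility break Shing Wai raises for option (b)). Credential checking is delegated to the container realm through the Servlet 3.0 `HttpServletRequest#login` call; the logger names and the `/login` path are this example's own choices.

```java
import java.io.IOException;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.NoSuchAlgorithmException;
import java.util.logging.Logger;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionIdListener;

/**
 * Login endpoint that rotates the session ID at the privilege boundary.
 * Assumption (example, not from the thread): the container implements the
 * String-returning changeSessionId() discussed above.
 */
@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    private static final Logger LOG = Logger.getLogger(LoginServlet.class.getName());

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws IOException {
        String user = req.getParameter("username");
        String pass = req.getParameter("password");
        if (user == null || pass == null) {
            resp.sendError(HttpServletResponse.SC_BAD_REQUEST);
            return;
        }

        // Credential check is delegated to the container's configured realm
        // (Servlet 3.0 HttpServletRequest#login); it throws on failure.
        try {
            req.login(user, pass);
        } catch (ServletException e) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }

        // Session fixation defence: keep the pre-authentication session (whose
        // ID might have been planted by a third party) but let the container
        // replace its ID. The application never supplies the new ID, which is
        // the point made in the thread.
        HttpSession session = req.getSession(true);
        String oldId = session.getId();
        String newId = req.changeSessionId();

        // The returned ID is needed immediately: the audit record links the
        // pre- and post-login sessions without writing raw IDs to the log.
        LOG.info(() -> "login ok user=" + user + " session "
                + fingerprint(oldId) + " -> " + fingerprint(newId));

        session.setAttribute("user", user);
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    /** Short, non-reversible handle for a session ID that is safe to log. */
    static String fingerprint(String sessionId) {
        try {
            byte[] digest = MessageDigest.getInstance("SHA-256")
                    .digest(sessionId.getBytes(StandardCharsets.US_ASCII));
            StringBuilder sb = new StringBuilder();
            for (int i = 0; i < 4; i++) {
                sb.append(String.format("%02x", digest[i]));
            }
            return sb.toString();
        } catch (NoSuchAlgorithmException e) {
            throw new IllegalStateException(e);
        }
    }

    /**
     * Observer for ID changes. Assumption: a dedicated HttpSessionIdListener
     * interface (as Servlet 3.1 defined it) rather than a new method on
     * HttpSessionListener, so existing listeners keep compiling.
     */
    @WebListener
    public static class SessionIdAuditListener implements HttpSessionIdListener {
        private static final Logger AUDIT =
                Logger.getLogger(SessionIdAuditListener.class.getName());

        @Override
        public void sessionIdChanged(HttpSessionEvent event, String oldSessionId) {
            AUDIT.fine(() -> "session id rotated: " + fingerprint(oldSessionId)
                    + " -> " + fingerprint(event.getSession().getId()));
        }
    }
}
```

Deployed in a Servlet 3.1 container, a POST to `/login` with valid realm credentials answers 204 and the client receives a fresh `JSESSIONID` cookie; any session ID the client held before authenticating no longer resolves to the authenticated session. The listener fires for every rotation, including ones the container performs itself, so it is a convenient place to detect missing rotations: a login audit entry with no matching `session id rotated` record points at a code path that authenticated without calling `changeSessionId()`.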