jsr340-experts@servlet-spec.java.net

[jsr340-experts] Re: SERVLET_SPEC-13: Make session fixation protection part of the spec

From: Ramesh <rameshp_at_pramati.com>
Date: Mon, 23 Jan 2012 18:54:58 +0530

On 1/20/2012 5:17 PM, Mark Thomas wrote:
> On 19/01/2012 22:41, Alex Rojkov wrote:
>>>>> On Tue, 2012-01-17 at 17:36 -0800, Shing Wai Chan wrote:
>>> I notice one more difference: a String argument.
>>> In Tomcat (and also GlassFish), we have
>>> org.apache.catalina.connector.Request#changeSessionId(String newSessionId)
>> In my opinion the session ids must be container managed. We can't rely on the users
>> of the API to be able to generate good IDs. I am not in favour of letting users
>> generate Ids.
> Agreed. org.apache.catalina.connector.Request is an internal class and
> could easily be refactored to not take the new session ID.
>
>>> In other words, the caller of the API needs to know a newSessionId as follows:
>>> a) javax.servlet.http.HttpServletRequest:
>>> public void changeSessionId(String newSessionId);
>> -1. See above.
> Agreed. -1 to the API allowing the new ID to be specified.
>
>> public void changeSessionId() is OK.
>>
>> public String changeSessionId() can be considered as alternative.
>>
>> It's likely that the new sessionId will be needed right after it's generated.
> I have no issues with this proposed change.
>
> Mark
Agreed to have this on HttpServletRequest.
>> Alex
>>
>>> Also, in previous bug comments and discussion, there is a suggestion to add a new method:
>>> b) javax.servlet.http.HttpSessionListener
>>> public void sessionIdChanged(HttpSessionEvent se);
>>>
>>> Note that (b) may break some of the user applications. Is it ok?
>>>
>>> Shing Wai Chan
>>>
I feel the change of session id has to be notified, since adding it in
HttpSessionListener might break the interface. How about introducing a
standard 'javax.servlet.http.session.id' session attribute and notifying
using:
javax.servlet.http.HttpSessionAttributeListener
     void attributeAdded(javax.servlet.http.HttpSessionBindingEvent event);
     void attributeReplaced(javax.servlet.http.HttpSessionBindingEvent event);
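An added illustration of the pattern the thread is converging on, not code from the thread or from any container: a login servlet that rotates the session id after authentication (the session fixation mitigation in the subject line) without the caller ever supplying an id, plus a listener that is told about the rotation. It assumes the API shape that Servlet 3.1 eventually adopted, `String changeSessionId()` on HttpServletRequest and `javax.servlet.http.HttpSessionIdListener`, and a hypothetical `CredentialStore` hook for the actual password check.

```java
import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebListener;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionIdListener;

@WebServlet("/login")
public class LoginServlet extends HttpServlet {
    // Hypothetical dependency: whatever verifies credentials in the application.
    private final CredentialStore credentials = CredentialStore.get();

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        String user = req.getParameter("user");
        if (user == null || !credentials.verify(user, req.getParameter("pass"))) {
            resp.sendError(HttpServletResponse.SC_UNAUTHORIZED);
            return;
        }
        // Keep the pre-authentication session and its attributes, but replace the id
        // (which an attacker may have planted before login) with one the container
        // generates. The application never chooses the id, per the thread's consensus.
        HttpSession session = req.getSession(true);
        req.changeSessionId();
        // Only mark the session authenticated after the id has been rotated, so the
        // old id can never refer to an authenticated session.
        session.setAttribute("user", user);
        resp.sendRedirect(req.getContextPath() + "/home");
    }
}

// Observer for the rotation; receives the old id so per-id state can be migrated.
@WebListener
class SessionIdAudit implements HttpSessionIdListener {
    @Override
    public void sessionIdChanged(HttpSessionEvent se, String oldSessionId) {
        // Record that a rotation happened for audit purposes, deliberately without
        // writing either session id to the log.
        se.getSession().getServletContext()
          .log("session id rotated for user " + se.getSession().getAttribute("user"));
    }
}
```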
