jsr369-experts@servlet-spec.java.net

[jsr369-experts] Re: getEffectiveSessionTrackingModes

From: Mark Thomas <markt_at_apache.org>
Date: Mon, 23 Jan 2017 19:46:43 +0000

On 20/01/2017 21:42, Shing Wai Chan wrote:
> At least we would like to fix the javadoc by removing the following text
> in #getEffectiveSessionTrackingModes():
> "By default, the session tracking modes returned by
> getDefaultSessionTrackingModes are in effect.”
>
> I would like to resolve this issue by Dec 26 COB, PST.
> If there is no comment, then I would remove the above text in
> #getEffectiveSessionTrackingModes() in the javadoc.

+1 to removal.

Happy to leave the value of getEffectiveSessionTrackingModes(0 when TLS
is available to the implementation.

Mark

>
> Thanks.
>
> Shing Wai Chan
>
>
>
>> On Jan 13, 2017, at 1:58 PM, Shing Wai Chan <shing.wai.chan_at_oracle.com
>> <mailto:shing.wai.chan_at_oracle.com>> wrote:
>>
>> We have an issues on the javadoc of #getEffectiveSessionTrackingModes [1].
>>
>> Here are some background info:
>> In Servlet 3.1 javadoc of
>> ServletContext#getDefaultSessionTrackingModes, we have
>> "Gets the session tracking modes that are supported by default for
>> this ServletContext."
>>
>> The description indicates that the above API returns a list of
>> supported session tracking modes.
>>
>> In javadoc of #getEffectiveSessionTrackingModes(), we have
>> "By default, the session tracking modes returned by
>> getDefaultSessionTrackingModes are in effect."
>>
>> This will be an issue when the server supports COOKIE, URL and SSL as
>> SSL cannot be effective with COOKIE and URL at the same time. (See
>> javadoc of #setSessionTrackingModes.)
>>
>> In this case, I propose to remove the following line in javadoc of
>> #getEffectiveSessionTrackingModes():
>> "By default, the session tracking modes returned by
>> getDefaultSessionTrackingModes are in effect.”
>> This will clarify the issue.
>>
>> There is a related question on whether we want to specify the default
>> value of #getEffectiveSessionTrackingModes when
>> #getDefaultSessionTrackingModes contains SSL.
>> Or we wil let the server implementation to decide what the value of
>> #getEffectiveSessionTrackingModes is.
>>
>> Please let me know your comment.
>>
>> Shing Wai Chan
>>
>>
>>
>> [1] https://java.net/jira/browse/SERVLET_SPEC-155
>
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.