jsr369-experts@servlet-spec.java.net

[jsr369-experts] getEffectiveSessionTrackingModes

From: Shing Wai Chan <shing.wai.chan_at_oracle.com>
Date: Fri, 13 Jan 2017 13:58:14 -0800

We have an issues on the javadoc of #getEffectiveSessionTrackingModes [1].

Here are some background info:
In Servlet 3.1 javadoc of ServletContext#getDefaultSessionTrackingModes, we have
        "Gets the session tracking modes that are supported by default for this ServletContext."
The description indicates that the above API returns a list of supported session tracking modes.

In javadoc of #getEffectiveSessionTrackingModes(), we have
        "By default, the session tracking modes returned by getDefaultSessionTrackingModes are in effect."

This will be an issue when the server supports COOKIE, URL and SSL as SSL cannot be effective with COOKIE and URL at the same time. (See javadoc of #setSessionTrackingModes.)

In this case, I propose to remove the following line in javadoc of #getEffectiveSessionTrackingModes():
        "By default, the session tracking modes returned by getDefaultSessionTrackingModes are in effect.”
This will clarify the issue.

There is a related question on whether we want to specify the default value of #getEffectiveSessionTrackingModes when #getDefaultSessionTrackingModes contains SSL.
Or we wil let the server implementation to decide what the value of #getEffectiveSessionTrackingModes is.

Please let me know your comment.

Shing Wai Chan



[1] https://java.net/jira/browse/SERVLET_SPEC-155