users@servlet-spec.java.net

[servlet-spec users] Re: Session fixation and programmatic login

From: Mark Thomas <markt_at_apache.org>
Date: Tue, 09 Oct 2012 00:46:14 +0100

Jan Bartel <janb_at_intalio.com> wrote:

>Mark,
>
>See Shing's previous reply - if the below was your intent then that
>intent did not get communicated to everyone in the spec group.

I'm happy with the current language. As long as the spec does not require "change session ID" == "create new session object" I don't see an issue.

I don't particularly mind if the spec says "session object stays the same after auth" or "session content stays the same after auth". The latter gives implementors more flexibility but personally I'm happy with either.

> Also,
>I didn't see any discussion, nor proposed javadoc, that mandated that
>the implementation of Request.changeSessionId() should preserve
>object identity on an existing session ... so there is some conflict
>between the behaviour of Request.login() and
>Request.changeSessionId().

As long as Request.changeSessionId() does not mandate a new session object (and I don't believe it does) then there is no conflict.

Mark
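The thread turns on two different guarantees a container can give when the session ID is rotated after authentication: the same HttpSession object survives, or only the session content survives. The following servlet is an added example written for this page, not code from Mark Thomas, Jan Bartel or the servlet-spec group. It assumes a Servlet 3.1 container (for HttpServletRequest.changeSessionId()) and a hypothetical "/login" mapping and "cart" attribute; the rotateByCopy() helper is the fallback that gives the weaker "content stays the same" guarantee on Servlet 3.0 containers that have no changeSessionId().

```java
// Added example (not from the thread or the servlet-spec group): rotate the session
// ID after authentication so an identifier issued before login stops being valid,
// while pre-login session content (a constructed "cart" attribute) survives.
import java.io.IOException;
import java.util.Collections;
import java.util.HashMap;
import java.util.Map;

import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;

@WebServlet("/login") // hypothetical mapping, not from the page
public class LoginServlet extends HttpServlet {

    @Override
    protected void doPost(HttpServletRequest req, HttpServletResponse resp)
            throws ServletException, IOException {
        HttpSession preAuth = req.getSession(true);
        String preAuthId = preAuth.getId();
        Object cart = preAuth.getAttribute("cart"); // pre-login state we expect to keep

        // Container-managed authentication (Servlet 3.0+); throws ServletException on failure.
        req.login(req.getParameter("username"), req.getParameter("password"));

        // Servlet 3.1: change the ID. The spec language discussed in the thread requires
        // the content to survive; whether the HttpSession object is the same is up to
        // the container, so the checks below look at ID and content, not identity.
        String newId = req.changeSessionId();
        HttpSession postAuth = req.getSession(false);

        if (postAuth == null || newId.equals(preAuthId)) {
            throw new ServletException("session ID was not rotated after login");
        }
        if (cart != null && postAuth.getAttribute("cart") != cart) {
            throw new ServletException("session content was lost during ID rotation");
        }
        resp.setStatus(HttpServletResponse.SC_NO_CONTENT);
    }

    /**
     * Fallback for Servlet 3.0 containers without changeSessionId(): gives
     * "session content stays the same" without "session object stays the same"
     * by copying every attribute into a freshly created session and invalidating
     * the old one. Returns the new session.
     */
    static HttpSession rotateByCopy(HttpServletRequest req) {
        HttpSession old = req.getSession(false);
        Map<String, Object> saved = new HashMap<>();
        if (old != null) {
            for (String name : Collections.list(old.getAttributeNames())) {
                saved.put(name, old.getAttribute(name));
            }
            old.invalidate();
        }
        HttpSession fresh = req.getSession(true);
        saved.forEach(fresh::setAttribute);
        return fresh;
    }
}
```

Some containers already rotate the ID inside login() or their FORM authenticator; calling changeSessionId() explicitly, and checking that the ID actually changed, makes the mitigation independent of that container-specific behaviour. The copy-based fallback is the one case where object identity is certainly lost, which is exactly the situation Jan's question about Request.login() versus Request.changeSessionId() is probing, and it shows why code should rely on attributes rather than on holding a reference to the HttpSession across authentication.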