You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/04/18 15:05:43 UTC

DO NOT REPLY [Bug 17615] - getSession() returns a different StandardSessionFacade object every time it is called

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17615>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=17615

getSession() returns a different StandardSessionFacade object every time it is called

funkman@joedog.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|                            |INVALID



------- Additional Comments From funkman@joedog.org  2003-04-18 13:05 -------
You should not have direct access to the real session object, only to the facade
which wraps the session. This is for security purposes so one does not get
sneaky with respect to reflection and try to do something they shouldn't do. 

(I think) There was also a recent bug fix recently(?) with respect to this where
the actually session was passed.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org