You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by bu...@apache.org on 2003/09/30 18:08:35 UTC

DO NOT REPLY [Bug 23525] New: - HttpSessionListener implementors are called to late according to Servlet Specification 2.4 Final Draft 3

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23525>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=23525

HttpSessionListener implementors are called to late according to Servlet Specification 2.4 Final Draft 3

           Summary: HttpSessionListener implementors are called to late
                    according to Servlet Specification 2.4 Final Draft 3
           Product: Tomcat 5
           Version: 5.0.12
          Platform: All
        OS/Version: All
            Status: NEW
          Severity: Major
          Priority: Other
         Component: Servlet & JSP API
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: ThorstenMoeller@web.de


The Servlet Specification 2.4 Final Draft 3 says on chapter SRV.15.1.14.1 
(page 284 in PDF document) when the method "sessionDestroyed" of an 
implementor of HttpSessionListener should be invoked:

public void sessionDestroyed(HttpSessionEvent se)
--> Notification that a session is about to be invalidated. <--
                                ^^^^^^^^^^^^^^^^^^^^^^^^^^

This is new and completely different comparing to the Servlet 2.3 specification
(!) and means to me that the container first invokes 
HttpSessionListener.sessionDestroyed() and after that invalidate (destroy) the 
session.
At the moment Tomcat 5 behaves like the Servlet 2.3 specification, which means 
that the container invalidates the session and after that invoke 
HttpSessionListener.sessionDestroyed().

I think Tomcat's behaviour must be changed according to the 2.4 specification!

Btw: I found this because I implemented an HttpSessionListener which needs to 
access the session to get an attribute stored in the session. At the moment I 
get an IllegalState exception because the container already invalidated the 
session (Tomcat 5.0.12).

See also: http://nagoya.apache.org/eyebrowse/BrowseList?
listId=88&by=thread&from=503705


Regards,
Thorsten