I've recently been looking at the RequestDispatcher implementation in Tomcat
3.x and 4.0, and had a question about how this is implemented.
I'm running a servlet under the "/test" context. I grab a ServletContext
for the "/examples" context. I then get a request dispatcher from the
"/examples" context for the "/snoop" servlet and forward to it or include
it. While running under the "/example" context, I call request.getSession
and the HttpSession that is retrieved is the same session that we were
running with under the "/test" context. This appears to violate the servlet
2.2 spec section 7.3:
"HttpSession objects must be scoped at the application/servlet context
level. The underlying mechanism, such as the cookie used to establish the
session, can be shared between contexts, but the object exposed, and more
importantly the attributes in that object, must not be shared between
contexts."
My test code is below:
ServletConfig config = getServletConfig();
ServletContext thisContext = config.getContext();
SerlvetContext exampleContext = thisContext.getContext( "/examples" );
RequestDispatcher disp = exampleContext.getRequestDispatcher( "/snoop" );
HttpSession ses = request.getSession();
ses.setAttribute("Foo", "Bar");
disp.include( request, response );
When running in the "snoop" servlet, I do a request.getSession(). The
session that is returned has the "Foo" attribute set. It seems that the
HttpSession in the HttpServletRequest object should be set to a session
running under the "/examples" context before being forwarded.
Was this a design decision or perhaps an oversight?
Thanks for any help.
Richard
--
Richard K Frazer
Software Developer
HAHT Commerce, Inc.
(919)786-5208
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
