> As close as I can tell, SessionInterceptor needs to be called first to
> parse the url sessionid out of the URL before it can be context mapped.
> StandardSessionInterceptor lets you work with the sessions once you know
> which context the request is going to. I've done some work in there,
> but I won't claim to know the original motivation for seperating them
> other than what is listed above.
The motivation was simple: there are many ways to encode the ID in a
request ( cookies, rewriting, SSL - plus special cases if the real server
decodes the session, like in load-balancing cases ).
There are many ways to store the sessions ( the simple hashtables we use
in StandardSI, database, session migration, etc ).
I thought it's better to separate the 2 problems and use 2 different
modules.
The storage module doesn't try to extract the session ID using
cookies/rewriting/etc - that means someone can add a new sessionId
decoding module without changing the storage module, and someone can write
a new storage module without worry about session id encoding.
Costin
>
> It might be possible to check the URL based session IDs in the same
> place as we check multiple cookies to find a valid one.
>
> Paul
>
> Hans Bergsten wrote:
> >
> > BugRat Mail System wrote:
> > >
> > > Bug report #380 has just been filed.
> > > [...]
> > > Environment:
> > > Release: 3.2 Beta 7
> > > JVM Release: 1.3
> > > Operating System: Linux/NT
> > > OS Release: 2.2.16/4
> > > Platform: any
> > >
> > > Synopsis:
> > > Sessions don't work without cookies
> > >
> > > Description:
> > > If Cookies are turned off in a browser the
> > > session-management by url-rewriting does not work.
> > > This bug was introduced by 3.2 beta6 and is still around
> > > in beta7
> >
> > This is serious enough to warrant a fix before 3.2 goes final, IMHO.
> > It used to work in 3.1 and the earlier 3.2 betas so it's a regression
> > bug.
> >
> > I started to look at this one, and noticed that there are two interceptors
> > that deal with sessions:
> > * SessionInterceptor, seems to deal with session IDs in the URL but
> > doesn't care about cookies. This one is invoked first.
> > * StandardSessionInterceptor, seems to deal with session IDs received
> > as cookies but doesn't care about session IDs in the URL.
> >
> > Before I start hacking here, can someone tell me why there are two
> > interceptors and what the intention with the two are?
> >
> > Hans
> > --
> > Hans Bergsten [EMAIL PROTECTED]
> > Gefion Software http://www.gefionsoftware.com
> >
> > ---------------------------------------------------------------------
> > To unsubscribe, e-mail: [EMAIL PROTECTED]
> > For additional commands, e-mail: [EMAIL PROTECTED]
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: [EMAIL PROTECTED]
> For additional commands, e-mail: [EMAIL PROTECTED]
>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
