> However, this does point to the need for default
> behavior of tomcat session generation code (or any
> interceptor or module code) in the absence of expected
> configuration info in server.xml.
That's a good point, but I'm wondering how could it be implemented.
The whole idea of modules is that each can be replaced with a better
version ( for example a more secure or more efficient scheme to generate
the ids ), so we can't just check for specific modules.
Well, there is a solution ( I'm not sure how can we code it ) - have an
automated way to run watchdog and sanity to validate the config files. If
watchdog/sanity are passing - then probably the config is valid :-)
Costin
>
> Mel
>
> > getNewSession is calling setState( STATE_NEW ), that
> > calls the
> > sessionState callback that allows modules to
> > initialize the new session
> > object - and SessionIdGenerator is setting the id (
> > using whatever
> > random).
> >
> > I can't understand what's wrong - my only guess is
> > that SessionIdGenerator
> > is not included.
> >
> > I didn't had too much time this weekend ( to restart
> > the nightly tests ),
> > but I hope to resolve those issues soon.
> >
> > Costin
> >
> >
> >
> > > object, the .toString() method to get a string
> > representation of the
> > > session id returns null. When getNewSession()
> > tries to use this value
> > > as a key into the sessions hashtable, a
> > NullPointerException is thrown.
> >
> >
> >
> >
> >
>
>
> __________________________________________________
> Do You Yahoo!?
> Get email at your own domain with Yahoo! Mail.
> http://personal.mail.yahoo.com/
>
