Hey
I have review the getIdInteral changes. At expire (StandardSession, DeltaSession) we send first the "SessionDestory events" and after this the "Remove Session Attribute" events. Before we send the remove attribute events the session set to invalid. Hmm: Why we do that? I have read the spec 2.4 but I can find a hint. With this handling nobody can access the getId without IllegalStateException in a HttpSessionBindingListener or HttpSessionAttributeListener! That I can't find this very nice?
What can I say, we needed to generate more BZ reports to mark as INVALID ;-).
The tester actually has example code of using getId in a HttpSessionAttributeListener to get an ISE.
Can anyone explain this session event handling?
There was just a long discussion of this. For the details, check the list archives. The short version is that it's mandated by section 15.1.7 + Errata (http://jcp.org/aboutJava/communityprocess/maintenance/jsr154/154errata.txt).
(maybe I shouldn't have mentioned it, as Jan didn't appear to have noticed it before: I may have started the trouble ...)
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
