Hmm,
but I can't find a statement that the valueUnbound get an invalid session, when it called after sessionDestoryed.
HttpSessionBindingListener === /** * * Notifies the object that it is being unbound * from a session and identifies the session. * * @param event the event that identifies * the session * * @see #valueBound * */
public void valueUnbound(HttpSessionBindingEvent event); ====
I thing the part "identifies the session" is in conflict with the current tomcat implementation.
Interface HttpSessionBindingListener:
Causes an object to be notified when it is bound to or unbound from a session. The object is notified by an HttpSessionBindingEvent object. This may be as a result of a servlet programmer explicitly unbinding an attribute from a session, due to a session being invalidated, or due to a session timing out.
Today the user get a IllegalStateException at event.getSession().getId() instead the session identifier.
The current servlet spec is not clear at this session event definition. :(
What is correct? - current handling - emit remove session event and after this the session is invalid - remove emit event after invalidation
What we can do?
- document the situation
Add lifecycle diagrams ( state flow)
- propose a change to the spec team
Don't emit remove session attribute events, when session destoryed, like ServletContext and ServletRequest handling ( my favorit)
Only direct removeAttribute calls, emit remove event.
I give up ;)
Yes, the current behavior is certain to be the correct one.
Rémy
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
