You should invalidate the session from the (injected) Request object
(not the HTTPServletRequest). This does the necessary bookkeeping.
Kind regards,
Joachim
Kristian Marinkovic wrote:
hi,
using 5.0.18 it was able to invalidate a HttpSession (via the Request)
and then to create a new one to store a new object (subject).
in 5.1.0.5 this changed because the Request will always cache the old
Tapestry Session object and not attempt to create a new Http Session
as long as the reference is not null although it is invalidated.
Are there any workarounds? Why i'm doing this: if you're logged in
as XXX you can re-login as YYY if you want and have a new https
session.
g,
kris
used to work
public void setSubject(Subject subject)
{
Session session = request.getSession(false);
// create a new session
if (session != null && !session.isInvalidated())
{
session.invalidate();
}
request.getSession(true);
asoManager.set(Subject.class, subject);
}
--
Joachim Van der Auwera
PROGS bvba, progs.be
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscr...@tapestry.apache.org
For additional commands, e-mail: users-h...@tapestry.apache.org
