Reused HttpSession in Resin 4.0.41

Question

I am using Resin 4.0.41 and have trouble when creating new session using HttpSession.

I have following codes:

// "request" has type of HttpServletRequest
HttpSession session = request.getSession(false);
if (session!=null) {
    session.invalidate();
    session = request.getSession(true); // create the session
}
String sessionId = session.getId();

It was performed when user successfully login, and I want to store the Session ID. But when user login, logout, and login again, the first login and the second one always have the same Session ID.

Is it a bug from Resin 4.0.41 when dealing with HttpSession? I am sure it is not a bug but can be set in Resin configuration (resin.xml). How we can do it?

I have some experiments on tag but it is still didn't work.

score 0 · Accepted Answer · answered Oct 15 '14 at 10:42

0

I have solved it by using parameter:

<session-config>
    <reuse-session-id>false</reuse-session-id>
</session-config>

I found it worked when using Resin 4.0.41. If I use Resin 3.1.9 I wonder why it didn't work.

answered Oct 15 '14 at 10:42

danisupr4

815
1
9
22

Reused HttpSession in Resin 4.0.41

1 Answers1