tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ronny Karallus <>
Subject OpenEJBHttpServer Responses will always have a session?
Date Wed, 11 Sep 2013 21:06:28 GMT
Diging for another problem in the source code I found the following piece
of code that is called on
org.apache.openejb.server.httpd.HttpResponseImpl.writeMessage(...) - so
pretty much on any response for the OpenEJBHttpServer:

    /** closes the message sent to the browser
    private void closeMessage() {

    private void setCookieHeader() {
        if (request == null || request.getSession() == null) return;

        HttpSession session = request.getSession(false);

        if (session == null) return;

<= the session will never be null here because you are calling
request.getSession(true) implicitly in line 1 of setCookieHeader() which
will create a session if there is none. This will in the end mean that
every request hitting the appserver will create a session even if it doesnt
require one ...

I am wondering if this is really on purpose or if this is a bug that needs
to be posted ... I found this in trunk and in version 1.5.2


  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message