javasessionhttpsessionresin

Reused HttpSession in Resin 4.0.41


I am using Resin 4.0.41 and have trouble when creating new session using HttpSession.

I have following codes:

// "request" has type of HttpServletRequest
HttpSession session = request.getSession(false);
if (session!=null) {
    session.invalidate();
    session = request.getSession(true); // create the session
}
String sessionId = session.getId();

It was performed when user successfully login, and I want to store the Session ID. But when user login, logout, and login again, the first login and the second one always have the same Session ID.

Is it a bug from Resin 4.0.41 when dealing with HttpSession? I am sure it is not a bug but can be set in Resin configuration (resin.xml). How we can do it?

I have some experiments on tag but it is still didn't work.


Solution

  • I have solved it by using parameter:

    <session-config>
        <reuse-session-id>false</reuse-session-id>
    </session-config>
    

    I found it worked when using Resin 4.0.41. If I use Resin 3.1.9 I wonder why it didn't work.