servlet-spec
  1. servlet-spec
  2. SERVLET_SPEC-47

Should keep session content rather than session object after programmatic login

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Major Major
    • Resolution: Works as designed
    • Affects Version/s: None
    • Fix Version/s: None
    • Labels:
      None

      Description

      The following issue is raised by Jan Bartel <janb@intalio.com>.
      See email discussion in users@servlet-spec.java.net .

      In p.141 of 13.10 "Login and Logout" of Servlet 3.0 spec, it has:
      "If a developer creates a session while a user is not authenticated, and the container then authenticates the user, the session visible to developer code after login must be the same session object that was created prior to login occurring so that there is no loss of session information."

      The session content rather than the session object must be kept.
      So, it is a bug in the spec.

        Activity

        Shing Wai Chan created issue -
        Shing Wai Chan made changes -
        Field Original Value New Value
        Summary Should keep session context rather than session object after programmatic login Should keep session content rather than session object after programmatic login
        Shing Wai Chan made changes -
        Status Open [ 1 ] Closed [ 6 ]
        Resolution Works as designed [ 7 ]

          People

          • Assignee:
            Shing Wai Chan
            Reporter:
            Shing Wai Chan
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: