HttpSessionIntegrationFilter and creating sessions
This topic is closed

  • HttpSessionIntegrationFilter and creating sessions

    Hello again,

    This time I've got an improvement to Acegi.

    So my first question: Is there an issue tracker for Acegi? I couldn't find one on Sourceforge, and JIRA on doesn't host Acegi.

    So now for the improvement:

    I think it is bad behaviour if a servlet filter creates HttpSessions unless it is absolutely necessary. The enclosed resources may want to decide on their own if they want to create a session, or adapt their behaviour to the existence of a session.

    This said, I propose that getSession() in HttpSessionIntegrationFilter.extractFromContainer() and AbstractProcessingFilter.successfulAuthentication() should be converted to getSession(false). When getting an attribute, it is not important to create the session if the attribute is not present. If there is no session available, there will be no attribute.

    Best regards,


  • #2
    There's no issue tracker at present. As per my posting some weeks ago on acegisecurity-developer, the proposal for Acegi Security to become a Spring sub-project would probably mean we get added as a JIRA project to the existing Spring issue tracker.

    Regarding your change, I have just committed it to CVS.
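
The change proposed in the first post, shown as an added example that is not Acegi's code or part of the thread: a servlet filter that reads and writes a session attribute through getSession(false), so anonymous requests never cause a session to be allocated. The class name and both attribute keys are hypothetical, and the javax.servlet API is assumed to be on the classpath.

```java
import java.io.IOException;
import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical filter (not Acegi source): never creates a session itself. */
public class SessionPreservingFilter implements Filter {
    // Hypothetical keys chosen for this example.
    static final String SESSION_KEY = "EXAMPLE_SECURITY_CONTEXT";
    static final String REQUEST_KEY = "example.security.context";

    public void init(FilterConfig config) {}
    public void destroy() {}

    /** Returns the stored context, or null when the client has no session. */
    static Object readContext(HttpServletRequest request) {
        // request.getSession() would allocate a session (and send a cookie)
        // for every request; getSession(false) returns null instead.
        HttpSession session = request.getSession(false);
        return (session == null) ? null : session.getAttribute(SESSION_KEY);
    }

    public void doFilter(ServletRequest req, ServletResponse res, FilterChain chain)
            throws IOException, ServletException {
        HttpServletRequest request = (HttpServletRequest) req;

        // Expose the context to downstream code for this request only.
        request.setAttribute(REQUEST_KEY, readContext(request));
        chain.doFilter(req, res);

        // Write back only if a session exists now. Assumption of this example:
        // code that needs the context to persist creates the session itself.
        HttpSession session = request.getSession(false);
        if (session == null) {
            return;
        }
        Object context = request.getAttribute(REQUEST_KEY);
        if (context != null) {
            session.setAttribute(SESSION_KEY, context);
        } else {
            session.removeAttribute(SESSION_KEY);
        }
    }
}
```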