[jcifs] problem with NtlmHttpFilter forcing sessions

mikewse mikewse at hotmail.com
Mon Jan 29 19:20:46 GMT 2007

The NtlmHttpFilter calls HttpServletRequest.getSession() in a number of
places, which will cause a session to be created if it doesn't exist
already. Normally, a filter should not force a session being created and
should use HttpServletRequest.getSession(false) to only use an existing
I guess that storing some info on the session optimizes negotiation of the
next request, so it is probably desirable for NTLM to use a session. In our
case we are eventually creating a session (so we can make use of it for
storing data) but our application relies on itself creating the session and
cannot handle the case when the session has already been created (and
joined) by jcifs.

As creating sessions in a filter is somewhat unortodox, maybe it could at
least be possible to disable this behaviour  through a configuration
setting? When activating this setting the filter could use a session if
existing but would not create one.

Would this be possible to fix?

Best regards
View this message in context: http://www.nabble.com/problem-with-NtlmHttpFilter-forcing-sessions-tf3137777.html#a8695834
Sent from the Samba - jcifs mailing list archive at Nabble.com.

More information about the jcifs mailing list