Java Servlet Programming, 2nd Edition > B. HTTP Servlet API Quick Reference > HttpSessionContext |
SynopsisInterface Name: javax.servlet.http.HttpSessionContext Superinterface: None Immediate Subinterfaces: None Implemented By: None Availability: Servlet API 2.0 and later; deprecated in Servlet API 2.1 DescriptionHttpSessionContext is deprecated as of Servlet API 2.1. Previously this class provided access to all of the currently active sessions inside the servlet container. This provided a potential security hole where a servlet could use this class to display all the session IDs found inside the context, and that information could then be used by unscrupulous clients to forge their way into another's session. Because the ability to access all sessions at once is almost never needed, this class was deprecated for security's sake. Interface Declarationpublic interface HttpSessionContext { // Methods public abstract Enumeration getIds(); // Deprecated public abstract HttpSession getSession(String sessionId); // Deprecated } MethodsgetIds()public abstract Enumeration getIds()
getSession()public abstract HttpSession getSession(String sessionId)
|