if (httpSession != null && httpSession.isInvalid()) {
exchange.removeAttachment(sessionAttachmentKey);
httpSession = null;
}
if (httpSession == null) {
final SessionManager sessionManager = deployment.getSessionManager();
Session session = sessionManager.getSession(exchange, c);
if (session != null) {
httpSession = SecurityActions.forSession(session, this, false);
exchange.putAttachment(sessionAttachmentKey, httpSession);
} else if (create) {
String existing = c.findSessionId(exchange);
if (originalServletContext != this) {
//this is a cross context request
//we need to make sure there is a top level session
originalServletContext.getSession(originalServletContext, exchange, true);
} else if (existing != null) {
c.clearSession(exchange, existing);
}
final Session newSession = sessionManager.createSession(exchange, c);
httpSession = SecurityActions.forSession(newSession, this, true);
exchange.putAttachment(sessionAttachmentKey, httpSession);
}
}
return httpSession;