protected Session doGetSession(Serializable sessionId) throws InvalidSessionException {
   // Ignore session id since there is no way to acquire a session based on an id in a servlet
   // container
   // (that is implementation agnostic)
   ServletRequest request = WebUtils.getRequiredServletRequest();
   ServletResponse response = WebUtils.getRequiredServletResponse();
   return getSession(request, response);
 }
 public Session getSession(ServletRequest request, ServletResponse response)
     throws AuthorizationException {
   Session session = null;
   HttpSession httpSession = ((HttpServletRequest) request).getSession(false);
   if (httpSession != null) {
     session = createSession(httpSession, WebUtils.getInetAddress(request));
   }
   return session;
 }
 protected Session createSession(InetAddress originatingHost)
     throws HostUnauthorizedException, IllegalArgumentException {
   ServletRequest request = WebUtils.getRequiredServletRequest();
   HttpSession httpSession = ((HttpServletRequest) request).getSession();
   return createSession(httpSession, originatingHost);
 }