TokenProcessor bypasses HttpSession.setAttribute() --------------------------------------------------
Key: SHALE-461 URL: https://issues.apache.org/struts/browse/SHALE-461 Project: Shale Issue Type: Bug Components: Core Reporter: Bernhard Huemer Priority: Trivial The TokenProcessor (org.apache.shale.util.Tokenprocessor) saves the generated Token in a Set, which itself is saved in the session. The problem is that there is no additional call to setAttribute (i.e. no additional call to sessionMap.put) but that's a requirement for a server which wants to replicate only the deltas of a session. However, I was never confronted to this problem as I've never used Shale in a distributed environment. This report is just based on my understanding of session replication so please correct me if I'm wrong. /// TokenProcessor.java, line 87 // Store the generated value for later verification Set set = (Set) context.getExternalContext().getSessionMap().get(ShaleConstants.TOKENS); if (set == null) { set = new HashSet(); context.getExternalContext().getSessionMap().put(ShaleConstants.TOKENS, set); } set.add(token); \\\ The following modification should work. /// // Store the generated value for later verification Set set = (Set) context.getExternalContext().getSessionMap().get(ShaleConstants.TOKENS); if (set == null) { set = new HashSet(); } set.add(token); context.getExternalContext().getSessionMap().put(ShaleConstants.TOKENS, set); \\\ -- This message is automatically generated by JIRA. - You can reply to this email to add a comment to the issue online.