[jira] [Commented] (SHIRO-546) DefaultWebSessionManager onStart might produce nullPointer Exception

Thu, 07 Jul 2016 12:44:52 -0700 

    [ 
https://issues.apache.org/jira/browse/SHIRO-546?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15366657#comment-15366657
 ] 

Brian Demers commented on SHIRO-546:
------------------------------------

And reopen if you are still seeing this.

> DefaultWebSessionManager onStart might produce nullPointer Exception
> --------------------------------------------------------------------
>
>                 Key: SHIRO-546
>                 URL: https://issues.apache.org/jira/browse/SHIRO-546
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.2.4
>            Reporter: Ariel Isaac
>              Labels: easyfix, newbie, patch
>   Original Estimate: 25m
>  Remaining Estimate: 25m
>
> DefaultWebSessionManager#onStart() when you get the HttpServletRequest it 
> might be null a throw a null pointer exception so it might need a little 
> validation 
> from
> {code}   @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does 
> not have an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set 
> for new session with id {}", session.getId());
>         }
>         
> request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>         
> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, 
> Boolean.TRUE);
>     }{code}
> to 
> {code}    @Override
>     protected void onStart(Session session, SessionContext context) {
>         super.onStart(session, context);
>         if (!WebUtils.isHttp(context)) {
>             log.debug("SessionContext argument is not HTTP compatible or does 
> not have an HTTP request/response " +
>                     "pair. No session ID cookie will be set.");
>             return;
>         }
>         HttpServletRequest request = WebUtils.getHttpRequest(context);
>         HttpServletResponse response = WebUtils.getHttpResponse(context);
>         if (isSessionIdCookieEnabled()) {
>             Serializable sessionId = session.getId();
>             storeSessionId(sessionId, request, response);
>         } else {
>             log.debug("Session ID cookie is disabled.  No cookie has been set 
> for new session with id {}", session.getId());
>         }
>         if (request != null) {
>             
> request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);
>             
> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, 
> Boolean.TRUE);
>         }
>         
>     }{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to