DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUGĀ· RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://issues.apache.org/bugzilla/show_bug.cgi?id=40305>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED ANDĀ· INSERTED IN THE BUG DATABASE.
http://issues.apache.org/bugzilla/show_bug.cgi?id=40305 Summary: The getSession() method returns invalid session. Product: Tomcat 5 Version: 5.5.17 Platform: Other OS/Version: Windows XP Status: NEW Severity: normal Priority: P2 Component: Catalina AssignedTo: tomcat-dev@jakarta.apache.org ReportedBy: [EMAIL PROTECTED] I noticed that the counter "accessCount" of StandardSession is not synchronized to the session table of the Manager. That cause a problem. The Specification 2.4 says: --- The session invalidation will not take effect until all servlets using that session have exited the service method. --- The problem is: 1. First request creates a session. 2. Next request invokes getSession(false). In the Request#doGetSession() method, 2.1. The manager's findSession() method is called. 2.2. It is checked whether the session is valid by using the session's isValid() method. We assume that the current thread changes before StandardSession#access() is called. 3. ManagerBase#processExpires() is called. In this timing, the session will be invalidated if the session is time-out, because the counter "accessCount" is 0. 4. StandardSession#access() is called with the former thread. 5. The getSession(false) method returns invalid session. However, we were expecting Null or an valid session. I think that it is necessary to do some synchronous processing between accessCounter and the session table. -- Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email ------- You are receiving this mail because: ------- You are the assignee for the bug, or are watching the assignee. --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
