Author: markt
Date: Sat Apr 16 22:25:28 2011
New Revision: 1094069
URL: http://svn.apache.org/viewvc?rev=1094069&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=51042
Don't trigger session creation listeners when changing the session ID during
authentication.
Modified:
tomcat/trunk/java/org/apache/catalina/Session.java
tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java
tomcat/trunk/java/org/apache/catalina/ha/session/DeltaSession.java
tomcat/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
tomcat/trunk/java/org/apache/catalina/manager/DummyProxySession.java
tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
tomcat/trunk/webapps/docs/changelog.xml
Modified: tomcat/trunk/java/org/apache/catalina/Session.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/Session.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/Session.java (original)
+++ tomcat/trunk/java/org/apache/catalina/Session.java Sat Apr 16 22:25:28 2011
@@ -118,7 +118,8 @@ public interface Session {
/**
- * Set the session identifier for this session.
+ * Set the session identifier for this session and notifies any associated
+ * listeners that a new session has been created.
*
* @param id The new session identifier
*/
@@ -126,6 +127,17 @@ public interface Session {
/**
+ * Set the session identifier for this session and optionally notifies any
+ * associated listeners that a new session has been created.
+ *
+ * @param id The new session identifier
+ * @param notify Should any associated listeners be notified that a new
+ * session has been created?
+ */
+ public void setId(String id, boolean notify);
+
+
+ /**
* Return descriptive information about this Session implementation and
* the corresponding version number, in the format
* <code><description>/<version></code>.
Modified: tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/DeltaManager.java Sat Apr
16 22:25:28 2011
@@ -1387,12 +1387,7 @@ public CatalinaCluster getCluster() {
// use container maxInactiveInterval so that session will expire
correctly in case of primary transfer
session.setMaxInactiveInterval(getMaxInactiveInterval());
session.access();
- if(notifySessionListenersOnReplication) {
- session.setId(msg.getSessionID());
- } else {
- session.setIdInternal(msg.getSessionID());
- add(session);
- }
+ session.setId(msg.getSessionID(), notifySessionListenersOnReplication);
session.resetDeltaRequest();
session.endAccess();
@@ -1468,12 +1463,7 @@ public CatalinaCluster getCluster() {
if (session != null) {
String newSessionID = deserializeSessionId(msg.getSession());
session.setPrimarySession(false);
- if (notifySessionListenersOnReplication) {
- session.setId(newSessionID);
- } else {
- session.setIdInternal(newSessionID);
- add(session);
- }
+ session.setId(newSessionID, notifyListenersOnReplication);
}
}
Modified: tomcat/trunk/java/org/apache/catalina/ha/session/DeltaSession.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/DeltaSession.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/DeltaSession.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/DeltaSession.java Sat Apr
16 22:25:28 2011
@@ -244,17 +244,17 @@ public class DeltaSession extends Standa
this.isPrimarySession = primarySession;
}
+
/**
- * Set the session identifier for this session without notify listeners.
- *
- * @param id
- * The new session identifier
+ * {@inheritDoc}
*/
- public void setIdInternal(String id) {
- this.id = id;
+ @Override
+ public void setId(String id, boolean notify) {
+ super.setId(id, notify);
resetDeltaRequest();
}
+
/**
* Set the session identifier for this session.
*
Modified:
tomcat/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/ha/session/JvmRouteBinderValve.java
Sat Apr 16 22:25:28 2011
@@ -359,8 +359,7 @@ public class JvmRouteBinderValve extends
protected void changeSessionID(Request request, String sessionId,
String newSessionID, Session catalinaSession) {
fireLifecycleEvent("Before session migration", catalinaSession);
- // FIXME: setId trigger session Listener, but only chance to register
manager with correct id!
- catalinaSession.setId(newSessionID);
+ catalinaSession.setId(newSessionID, false);
// FIXME: Why we remove change data from other running request?
// setId also trigger resetDeltaRequest!!
if (catalinaSession instanceof DeltaSession)
Modified: tomcat/trunk/java/org/apache/catalina/manager/DummyProxySession.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/manager/DummyProxySession.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/manager/DummyProxySession.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/manager/DummyProxySession.java Sat
Apr 16 22:25:28 2011
@@ -169,6 +169,12 @@ public class DummyProxySession implement
}
@Override
+ public void setId(String id, boolean notify) {
+ this.sessionId = id;
+ // Ignore notify
+ }
+
+ @Override
public void setManager(Manager manager) {
// NOOP
}
Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Sat Apr 16
22:25:28 2011
@@ -768,7 +768,7 @@ public abstract class ManagerBase extend
*/
@Override
public void changeSessionId(Session session) {
- session.setId(generateSessionId());
+ session.setId(generateSessionId(), false);
}
Modified: tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
URL:
http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/StandardSession.java?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/StandardSession.java
(original)
+++ tomcat/trunk/java/org/apache/catalina/session/StandardSession.java Sat Apr
16 22:25:28 2011
@@ -374,6 +374,15 @@ public class StandardSession implements
*/
@Override
public void setId(String id) {
+ setId(id, true);
+ }
+
+
+ /**
+ * {@inheritDoc}
+ */
+ @Override
+ public void setId(String id, boolean notify) {
if ((this.id != null) && (manager != null))
manager.remove(this);
@@ -382,7 +391,10 @@ public class StandardSession implements
if (manager != null)
manager.add(this);
- tellNew();
+
+ if (notify) {
+ tellNew();
+ }
}
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL:
http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1094069&r1=1094068&r2=1094069&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Sat Apr 16 22:25:28 2011
@@ -65,6 +65,10 @@
<bug>51038</bug>: Ensure that asynchronous requests are included in
access logs. (markt)
</fix>
+ <fix>
+ <bug>51042</bug>: Don't trigger session creation listeners when a
+ session ID is changed as part of the authentication process. (markt)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
