[Bug 57865] session.invalidate does not work when during startup war file is deployed

Mon, 04 May 2015 06:05:05 -0700 

https://bz.apache.org/bugzilla/show_bug.cgi?id=57865

Alessandro Trolli <alessandro.tro...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|WORKSFORME                  |---

--- Comment #8 from Alessandro Trolli <alessandro.tro...@gmail.com> ---
(In reply to Mark Thomas from comment #7)
> This works as expected for me with trunk. I also don't see any changes
> between 7.0.59 and 7.0.61 that might explain any odd behavoir.
> 
> If this issue is re-opened then the *exact* steps to reproduce the issue
> with the latest stable 7.0.x release need to be provided. A clear
> description of the observed behabiour, the expected behaviour and what the
> differences are is also required.

I've tried to debug further: in my case it doesn't enter in deregister method 
called by SingleSignOn.removeSession(String ssoId, Session session)
because following condition is not met

        // If there are not sessions left in the SingleSignOnEntry,
        // deregister the entry.
        if (entry.findSessions().length == 0) {
            deregister(ssoId);
        }

Analyzing code changes I've noticed that sessionEvent(SessionEvent event)
method has the following part changed 

        long idle;
        if (LAST_ACCESS_AT_START) {
            idle = session.getLastAccessedTimeInternal();
        } else {
            idle = session.getThisAccessedTimeInternal();
        }
        if (((session.getMaxInactiveInterval() > 0)
            && idle >= session.getMaxInactiveInterval() * 1000) 
            || (Session.SESSION_PASSIVATED_EVENT.equals(event.getType()))
            || (!session.getManager().getContainer().getState().isAvailable()))
{
            removeSession(ssoId, session);
        } else {
            // The session was logged out.
            // Deregister this single session id, invalidating 
            // associated sessions
            deregister(ssoId);
        }

while in 7.0.59 removeSession was called looking at (System.currentTimeMillis()
- session.getThisAccessedTimeInternal()


        if (((session.getMaxInactiveInterval() > 0)
            && (System.currentTimeMillis() -
session.getThisAccessedTimeInternal() >=
                session.getMaxInactiveInterval() * 1000)) 
            || (Session.SESSION_PASSIVATED_EVENT.equals(event.getType()))
            || (!session.getManager().getContainer().getState().isAvailable()))
{
            removeSession(ssoId, session);
        } else {
            // The session was logged out.
            // Deregister this single session id, invalidating 
            // associated sessions
            deregister(ssoId);
        }


can you please check if above change can interfer
how can I force to call deregister method?

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to