Rafael,
This won't work reliably on a post request, because the session management
also depends on cookies. In order to make sure you get a new session, you
will need to put in something like this (only for post request):
session.invalidate()
session = request.getSession(true);
if(!session.getNew()) response.sendRedirect("/logout");
This will work about 99% of the time...whereas if you just do
session.invalidate(), session=request.getSession(true) it won't work in a
post request.
Regards,
the elephantwalker
-----Original Message-----
From: [EMAIL PROTECTED]
[mailto:[EMAIL PROTECTED]]On Behalf Of Rafael Alvarez
Sent: Tuesday, September 18, 2001 11:00 AM
To: Orion-Interest
Subject: Re: session bug
Hello Denis,
Try doing this:
session = request.getSession(true);
System.out.println("session = request.getSession(false);\t" +
session.hashCode());
System.out.println("session = " + session);
session.invalidate();
System.out.println("session.invalidate();\t" + session.hashCode());
System.out.println("session = " + session);
session = request.getSession(true);
System.out.println("session = request.getSession();\t" +
session.hashCode());
System.out.println("session = " + session);
That way you'll get a new session after the session is invalidated.
The problem arises because the session object that is associated with
the request object is the invalidated one until you create a new
session, either by a new hit in the page/servlet or by using
request.getSession(true).
Tuesday, September 18, 2001, 9:44:52 AM, you wrote:
DK> Hello everyone!
DK> I think I have found bug in orion 1.5.2.
DK> There is problem with sessions. When I invalidate session and then get
new
DK> session, sometimes (not always) I get same invalidated session.
DK> Does anybody have same problem? Any solution except that I remove all
data
DK> from session?
DK> Thanks in advance.
DK> Here is code that demonstrates bug:
DK> session = request.getSession(true);
DK> System.out.println("session = request.getSession(false);\t" +
DK> session.hashCode());
DK> System.out.println("session = " + session);
DK> session.invalidate();
DK> System.out.println("session.invalidate();\t" + session.hashCode());
DK> System.out.println("session = " + session);
DK> session = request.getSession();
DK> System.out.println("session = request.getSession();\t" +
DK> session.hashCode());
DK> System.out.println("session = " + session);
DK> Orion's output:
DK> session = request.getSession(); 2935133
DK> session = HTTP Session AKAEMHOGAJOD
DK> session.invalidate(); 2935133
DK> session = HTTP Session AKAEMHOGAJOD
DK> session = request.getSession(); 2935133
DK> session = HTTP Session AKAEMHOGAJOD
DK> Exception is
DK> java.lang.IllegalStateException: Session was invalidated
DK> at
com.evermind.server.http.EvermindHttpSession.setAttribute(Unknown
DK> Source)
DK> at
DK> isvu.kadrovska.web.command.LoginCommand.execute(LoginCommand.java:161)
DK> at isvu.kadrovska.web.Kadrovska.doPost(Kadrovska.java:183)
DK> at javax.servlet.http.HttpServlet.service(HttpServlet.java:211)
DK> at javax.servlet.http.HttpServlet.service(HttpServlet.java:309)
DK> at javax.servlet.http.HttpServlet.service(HttpServlet.java:336)
DK> at com.evermind._cxb._abe(Unknown Source)
DK> at com.evermind._cxb._uec(Unknown Source)
DK> at com.evermind._io._twc(Unknown Source)
DK> at com.evermind._io._gc(Unknown Source)
DK> at com.evermind._if.run(Unknown Source)
Best regards,
Rafael mailto:[EMAIL PROTECTED]
