Creating an HttpSession with Ajax Request and then redirecting the response 
causes an HTTPSession to leak
---------------------------------------------------------------------------------------------------------

                 Key: RF-8274
                 URL: https://jira.jboss.org/jira/browse/RF-8274
             Project: RichFaces
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: component-a4j-core
    Affects Versions: 3.3.2.GA
         Environment: j2sdk1.5.0_06/1.6.0_14, Windows/Linux, JSF1.2, JBoss 
5.1.0GA, Weblogic 9.2
            Reporter: yagish sharma


While running the load test on our environment, we found an HTTPSession object 
getting created in response to an AjaxRequest, but in the "redirected" 
response, the Set-Cookie - JSessionID was missing, causing the server to leak an 
HttpSession. Digging further into the issue, we found that the 
BaseXMLFilter.resetResponse method "resets" the original (server) response 
object, and then copies the cookies over from a response wrapper, thus failing 
to re-set the JSessionID cookie in the response object.

 This issue is closely related to how the JSessionID is set in the response 
object by the AppServer. JBoss (Tomcat), on creation of an HTTPSession object, 
creates a JSessionID cookie and appends it directly to the response object's 
cookies arrayList (without calling the ServletResponse.addCookie() method).  

Similar behavior was found in load testing on Weblogic 9.2 app server as well. 





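The failure mode described in the report, as an added example that is not part of the original message and is not RichFaces or container code: a plain-Java model in which the container appends the session cookie without going through addCookie(), so a reset-then-copy step drops it. All class and method names are hypothetical, and the second method is one possible mitigation stated as an assumption, not the project's fix.

```java
import java.util.ArrayList;
import java.util.List;

// Constructed model: every class, method and cookie value here is hypothetical.
public class SessionCookieResetDemo {

    // Stands in for the container's response object.
    static class ContainerResponse {
        final List<String> setCookie = new ArrayList<>();
        void addCookie(String c) { setCookie.add(c); }
        void reset() { setCookie.clear(); }   // like ServletResponse.reset(): drops headers
        // Container-internal path: session creation appends the cookie directly.
        void createSession(String id) { setCookie.add("JSESSIONID=" + id); }
    }

    // Stands in for the filter's response wrapper: it only sees cookies added via addCookie().
    static class BufferingWrapper {
        final ContainerResponse real;
        final List<String> seen = new ArrayList<>();
        BufferingWrapper(ContainerResponse real) { this.real = real; }
        void addCookie(String c) { seen.add(c); real.addCookie(c); }
    }

    // Behaviour described in the report: reset, then copy back only the wrapper's cookies.
    static List<String> resetAndCopy(BufferingWrapper w) {
        w.real.reset();
        for (String c : w.seen) w.real.addCookie(c);
        return w.real.setCookie;
    }

    // Possible mitigation (assumption): snapshot the real response's cookies before reset.
    static List<String> resetPreservingAll(BufferingWrapper w) {
        List<String> before = new ArrayList<>(w.real.setCookie);
        w.real.reset();
        for (String c : before) w.real.addCookie(c);
        return w.real.setCookie;
    }

    static BufferingWrapper ajaxRequestThatCreatesSession() {
        BufferingWrapper w = new BufferingWrapper(new ContainerResponse());
        w.addCookie("theme=dark");                 // application cookie, seen by the wrapper
        w.real.createSession("constructed-id-1");  // container bypasses addCookie()
        return w;
    }

    public static void main(String[] args) {
        System.out.println("reset + copy wrapper cookies: " + resetAndCopy(ajaxRequestThatCreatesSession()));
        System.out.println("reset preserving all cookies: " + resetPreservingAll(ajaxRequestThatCreatesSession()));
    }
}
```

In the first case the client never receives the session identifier, so its next request arrives without one and the server-side session stays allocated until it times out, which is the leak observed under load.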