TC Session: does not create a new session after session.invliadate() has been
called
------------------------------------------------------------------------------------
Key: CDV-291
URL: https://jira.terracotta.org/jira//browse/CDV-291
Project: Community Development
Issue Type: Bug
Components: Sessions
Affects Versions: 2.3
Reporter: Alex Voskoboynik
Assigned To: Issue Review Board
This problem is reported by
http://forums.terracotta.org/forums/posts/list/280.page
BUG DETAILS:
App Code:
session.invalidate();
request.getSession(true).getAttribute("...");
Container Behavior:
Tomcat will create a new session as long as response has not been commited.
TC Session Behavior:
TCS throws IllegalStateException exception on all session-related operation
after session.invalidate() has been called.
FIX DETAILS:
We will have to do the following:
- if response has been committed throw IllegalStateException
- else, correctly release the lock on the old session id
- generate a new session id and acquire a lock on it
- write new session cookie (if request hopped a server this might create 2
session id cookies, so the old one should be removed)
- proceed with the request and unlock the new session id at the end
- if request is forwarded more complications arise
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
https://jira.terracotta.org/jira//secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira
_______________________________________________
tc-dev mailing list
[email protected]
http://lists.terracotta.org/mailman/listinfo/tc-dev
