Allow session access outside the context of an http request for that session
----------------------------------------------------------------------------

                 Key: CDV-413
                 URL: https://jira.terracotta.org/jira//browse/CDV-413
             Project: Community Development
          Issue Type: New Feature
          Components: Sessions
    Affects Versions: 2.4.3
            Reporter: Tim Eck
         Assigned To: Issue Review Board


There are multiple issues with the current session implementation when/if 
sessions are accessed via "unusual" means. Normally sessions are looked up via 
the HttpServletRequest.getSession(..) methods. If session instances are made 
accessible via another means (e.g. a static map, a shared DSO data structure, 
etc), a variety of problems happen. 

The "normal" session lookup path does a few things that are subverted when 
sessions are made accessible:

1) No DSO lock started
2) transients in SessionData not initialized

The first item can lead to unlocked exceptions and/or assertion errors in 
invalidate(). The second leads to NPE.

A valid use case for doing something like this is to prevent a user from 
starting more than one valid session in the cluster.





