billbarker 2003/01/09 21:39:11
Modified: src/share/org/apache/tomcat/core ServerSession.java
src/share/org/apache/tomcat/modules/session
SessionExpirer.java SimpleSessionStore.java
Log:
Make certain that a session has been recycled before being reused.
I'm using STATE_INVALID to signal that it is OK to reuse the session (since it is
currently unused). It might be better to rename it STATE_RECYCLED.
Fix for bug #15894
Reported By: Christian Wicke [EMAIL PROTECTED]
Revision Changes Path
1.14 +1 -2
jakarta-tomcat/src/share/org/apache/tomcat/core/ServerSession.java
Index: ServerSession.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/ServerSession.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- ServerSession.java 1 Sep 2001 00:48:48 -0000 1.13
+++ ServerSession.java 10 Jan 2003 05:39:11 -0000 1.14
@@ -127,7 +127,7 @@
Context context;
ContextManager contextM;
private Object notes[]=new Object[ContextManager.MAX_NOTES];
- private int state=STATE_NEW;
+ private int state=STATE_INVALID;
Object facade;
public ServerSession() {
@@ -287,7 +287,6 @@
facade=null;
attributes.clear();
ts.recycle();
- id.recycle();
}
1.5 +1 -0
jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionExpirer.java
Index: SessionExpirer.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SessionExpirer.java,v
retrieving revision 1.4
retrieving revision 1.5
diff -u -r1.4 -r1.5
--- SessionExpirer.java 1 Sep 2001 00:52:37 -0000 1.4
+++ SessionExpirer.java 10 Jan 2003 05:39:11 -0000 1.5
@@ -167,6 +167,7 @@
// After expiring it, we clean up.
if( debug > 0 ) se.log( "Recycling " + sses);
sses.recycle();
+ sses.setState( ServerSession.STATE_INVALID );
}
}
}
1.22 +3 -1
jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java
Index: SimpleSessionStore.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/modules/session/SimpleSessionStore.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- SimpleSessionStore.java 30 Aug 2002 05:41:42 -0000 1.21
+++ SimpleSessionStore.java 10 Jan 2003 05:39:11 -0000 1.22
@@ -272,13 +272,14 @@
log( "Shuting down " + id );
session.setState( ServerSession.STATE_SUSPEND );
session.setState( ServerSession.STATE_EXPIRED );
+ session.setState( ServerSession.STATE_INVALID );
}
}
public int sessionState( Request req, ServerSession session, int state ) {
TimeStamp ts=session.getTimeStamp();
- if( state==ServerSession.STATE_EXPIRED ) {
+ if( state==ServerSession.STATE_INVALID ) {
// session moved to expire state - remove all attributes from
// storage
SimpleSessionManager ssm=(SimpleSessionManager)session.getManager();
@@ -417,6 +418,7 @@
// that's what the original code did
oldS.setState( ServerSession.STATE_EXPIRED );
oldS.recycle();
+ oldS.setState( ServerSession.STATE_INVALID );
}
sessions.put( newId, session );
return (session);
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
