billbarker 2003/01/10 19:00:07
Modified: src/share/org/apache/tomcat/core Request.java
Log:
Make certain that the session still belong to us before returning it.
If the Servlet invalidates the session, and then later requests a new one, it is
possible for the one we have to be valid because it is now being used by somebody
else. Thus we have to make certain that it still belongs to us before returning it.
Real Fix for bug #15894
Reported By: Christian Wicke [EMAIL PROTECTED]
Revision Changes Path
1.116 +2 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java
Index: Request.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -r1.115 -r1.116
--- Request.java 27 Apr 2002 03:45:18 -0000 1.115
+++ Request.java 11 Jan 2003 03:00:06 -0000 1.116
@@ -714,6 +714,8 @@
public ServerSession getSession(boolean create) {
if (serverSession!=null && !serverSession.isValid())
serverSession=null;
+ if (serverSession != null && !serverSession.getId().equals(sessionId) )
+ serverSession=null;
if( ! create || serverSession!=null )
return serverSession;
--
To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]>
For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
