luehe 2004/12/07 17:25:52 Modified: catalina/src/share/org/apache/catalina/core ApplicationHttpRequest.java Log: Fix for 28709 ("javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid() returns true for an invalidated session!") Please let me know if you have any issues with this fix. I verified that all Servlet TCKs are still passing. Revision Changes Path 1.22 +39 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java
Index: ApplicationHttpRequest.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ApplicationHttpRequest.java 12 Mar 2004 19:45:43 -0000 1.21
+++ ApplicationHttpRequest.java 8 Dec 2004 01:25:52 -0000 1.22
@@ -34,6 +34,7 @@
 import org.apache.catalina.Context;
 import org.apache.catalina.Globals;
 import org.apache.catalina.Session;
+import org.apache.catalina.Manager;
 import org.apache.catalina.util.Enumerator;
 import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.StringManager;
@@ -518,6 +519,43 @@
 return super.getSession(create);
 }
+ }
+
+
+ /**
+ * Returns true if the request specifies a JSESSIONID that is valid within
+ * the context of this ApplicationHttpRequest, false otherwise.
+ *
+ * @return true if the request specifies a JSESSIONID that is valid within
+ * the context of this ApplicationHttpRequest, false otherwise.
+ */
+ public boolean isRequestedSessionIdValid() {
+
+ if (crossContext) {
+
+ String requestedSessionId = getRequestedSessionId();
+ if (requestedSessionId == null)
+ return (false);
+ if (context == null)
+ return (false);
+ Manager manager = context.getManager();
+ if (manager == null)
+ return (false);
+ Session session = null;
+ try {
+ session = manager.findSession(requestedSessionId);
+ } catch (IOException e) {
+ session = null;
+ }
+ if ((session != null) && session.isValid()) {
+ return (true);
+ } else {
+ return (false);
+ }
+
+ } else {
+ return super.isRequestedSessionIdValid();
+ }
 }
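Review bot: The `catch (IOException e) { session = null; }` in the cross-context branch of `isRequestedSessionIdValid()` drops the exception, so a failed `manager.findSession(requestedSessionId)` is indistinguishable from an unknown or invalidated session ID. Returning false on that path fails closed, which is the right outcome for a validity check, but the failure should be recorded through whatever logger this class already uses (not visible in the hunk) so that a session-store fault does not look like a wave of expired sessions. The closing if/else can be written as `return (session != null) && session.isValid();`. The Javadoc should also state that with `crossContext` set the ID is looked up in the `Manager` of `context` rather than delegated to the wrapped request, and that a lookup error is reported as invalid.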