cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ApplicationHttpRequest.java

Tue, 11 Jan 2005 12:39:56 -0800 

luehe       2005/01/11 12:39:52

  Modified:    catalina/src/share/org/apache/catalina/core
                        ApplicationHttpRequest.java
  Log:
  Fix for 32832 ("request.getSession(false) fails to return null").
  
  I believe this bug has been valid: If the session in the foreign
  context has been invalidated, it must not be returned. A comment in
  the code actually stated that the current session be returned "if it
  exists and is valid", but the isValid() check on the session was
  missing, and is being added by this commit.
  Also, a session is now created in the foreign context only if 'create' is 
TRUE.
  
  Revision  Changes    Path
  1.23      +9 -6      
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java
  
  Index: ApplicationHttpRequest.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
  retrieving revision 1.22
  retrieving revision 1.23
  diff -u -r1.22 -r1.23
  --- ApplicationHttpRequest.java       8 Dec 2004 01:25:52 -0000       1.22
  +++ ApplicationHttpRequest.java       11 Jan 2005 20:39:52 -0000      1.23
  @@ -482,8 +482,9 @@
                   return (null);
   
               // Return the current session if it exists and is valid
  -            if (session != null)
  +            if (session != null && session.isValid()) {
                   return (session.getSession());
  +         }
   
               HttpSession other = super.getSession(false);
               if (create && (other == null)) {
  @@ -500,7 +501,7 @@
                   } catch (IOException e) {
                       // Ignore
                   }
  -                if (localSession == null) {
  +                if (localSession == null && create) {
                       localSession = context.getManager().createEmptySession();
                       localSession.setNew(true);
                       localSession.setValid(true);
  @@ -509,9 +510,11 @@
                           (context.getManager().getMaxInactiveInterval());
                       localSession.setId(other.getId());
                   }
  -                localSession.access();
  -                session = localSession;
  -                return session.getSession();
  +                if (localSession != null) {
  +                    localSession.access();
  +                    session = localSession;
  +                    return session.getSession();
  +                }
               }
               return null;
   
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to