Hi all,
I just noticed that an NPE is thrown by TemplateSessionValidator if
session access counters are used, to prevent double submit of forms,
when the session times out and the timed out user subsequently tries to
navigate to a new page.
I attach a patch for consideration.
Index: TemplateSessionValidator.java
===================================================================
RCS file:
/home/cvspublic/jakarta-turbine-2/src/java/org/apache/turbine/modules/actions/sessionvalidator/TemplateSessionValidator.java,v
retrieving revision 1.8
diff -u -r1.8 TemplateSessionValidator.java
--- TemplateSessionValidator.java 9 Mar 2003 02:34:36 -0000 1.8
+++ TemplateSessionValidator.java 17 Jun 2003 19:55:48 -0000
@@ -134,7 +134,8 @@
// the session_access_counter can be placed as a hidden field
in
// forms. This can be used to prevent a user from using the
// browsers back button and submitting stale data.
- else if
(data.getParameters().containsKey("_session_access_counter"))
+ else if
(data.getParameters().containsKey("_session_access_counter") &&
+ (data.getUser().getTemp("_session_access_counter") !=
null))
{
// See comments in screens.error.InvalidState.
if (data.getParameters().getInt("_session_access_counter")
<
Thanks,
Peter
--
Peter Courcoux <[EMAIL PROTECTED]>
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
