On Tue, 2003-06-17 at 21:12, [EMAIL PROTECTED] wrote: > Does this cause the page to behave as if they double submitted it?
I've been trying to get my head round the possible permutations of this and I am not sure if it would be better to treat this case as if the test failed or if it is safe to ignore it. I'll work it through some more later. > -----Original Message----- > From: Peter Courcoux [mailto:[EMAIL PROTECTED] > Sent: Tuesday, June 17, 2003 4:03 PM > To: Turbine Developers List > Subject: NPE's when session times out using session access counter > > > Hi all, > > I just noticed that an NPE is thrown by TemplateSessionValidator if > session access counters are used, to prevent double submit of forms, > when the session times out and the timed out user subsequently tries to > navigate to a new page. > > I attach a patch for consideration. > > Index: TemplateSessionValidator.java > =================================================================== > RCS file: > /home/cvspublic/jakarta-turbine-2/src/java/org/apache/turbine/modules/action > s/sessionvalidator/TemplateSessionValidator.java,v > retrieving revision 1.8 > diff -u -r1.8 TemplateSessionValidator.java > --- TemplateSessionValidator.java 9 Mar 2003 02:34:36 -0000 1.8 > +++ TemplateSessionValidator.java 17 Jun 2003 19:55:48 -0000 > @@ -134,7 +134,8 @@ > // the session_access_counter can be placed as a hidden field > in > // forms. This can be used to prevent a user from using the > // browsers back button and submitting stale data. > - else if > (data.getParameters().containsKey("_session_access_counter")) > + else if > (data.getParameters().containsKey("_session_access_counter") && > + (data.getUser().getTemp("_session_access_counter") != > null)) > { > // See comments in screens.error.InvalidState. > if (data.getParameters().getInt("_session_access_counter") > < > > Thanks, > > Peter -- Peter Courcoux <[EMAIL PROTECTED]> --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
