Hello,
    We have a struts2 project. In that project we have a security procedure
in order to log in the users. As part of the login process, the session is
destroyed and recreated once the user is logged in, in order to avoid
Session hijacking. The problem we are having is that the action finally
returns a JSP, and that JSP has a OGNL reference to the session as follows:

<s:if test="#session[@com.spb.mvc.util.Constants@ATRB_SESSION_USER] != null
">

   It seems that the reference #session points to the previous version, as
we are getting errors as follows:

ERROR org.apache.struts2.dispatcher.Dispatcher  - Exception occurred during
processing request: HttpSession is invalid
java.lang.IllegalStateException: HttpSession is invalid
        at
weblogic.servlet.internal.session.SessionData.getAttributeNames(SessionData.java:476)
        at
org.apache.struts2.dispatcher.SessionMap.entrySet(SessionMap.java:111)
        at java.util.AbstractMap.hashCode(AbstractMap.java:492)
        at java.util.Objects.hashCode(Objects.java:96)
        at java.util.HashMap$Entry.hashCode(HashMap.java:847)
        at java.util.AbstractMap.hashCode(AbstractMap.java:494)
        at ognl.OgnlContext.hashCode(OgnlContext.java:707)
        at java.lang.Object.toString(Object.java:237)
        at java.lang.String.valueOf(String.java:2847)
        at java.lang.StringBuilder.append(StringBuilder.java:128)



Is there some way we can force the stack to refresh the reference to the
session?

  thanks

JL

Reply via email to