Hi there,

Chris, thanks for your fast GIT introduction :) I took this as a (mental) starting point for developing the new 'persistAuthentication' option of the Managers (Standard and Persistent). Almost there... I will push this branch to my GitHub fork as soon as possible (tomorrow?). Maybe you (and also Mark) could have a look at it before I open a Bugzilla enhancement?

During that, I may have found a bug in both StandardSession and DeltaSession. In both classes, there is a doReadObject method, which loads the session from storage. When reading session attributes, the code expects de-serialization failures for attribute values. Although each class does this a bit differently, both classes do catch a WriteAbortedException and log/continue if that exception's getCause() returns an instance of NotSerializableException. For any other cause, the WriteAbortedException gets re-thrown.

AFAIK, those exceptions are never thrown when reading from an ObjectInputStream. Maybe that's a copy and paste bug? Method readObject should throw ClassNotFoundException and any subclass of ObjectStreamException except WriteAbortedException and NotSerializableException.


To unsubscribe, e-mail: users-unsubscr...@tomcat.apache.org
For additional commands, e-mail: users-h...@tomcat.apache.org

Reply via email to