beehive-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Rich Feit (JIRA)" <beehive-...@incubator.apache.org>
Subject [jira] Commented: (BEEHIVE-873) HTTP session gets created after the pageflow application invalidates it (logout) and the response is committed, resulting in IllegalStateException
Date Wed, 10 Aug 2005 08:51:36 GMT
    [ http://issues.apache.org/jira/browse/BEEHIVE-873?page=comments#action_12318290 ] 

Rich Feit commented on BEEHIVE-873:
-----------------------------------

OK, I've reproduced the problem, and the fix seems to work.  Assuming all tests pass, this
should be in tomorrow.

> HTTP session gets created after the pageflow application invalidates it (logout) and
the response is committed, resulting in IllegalStateException
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
>          Key: BEEHIVE-873
>          URL: http://issues.apache.org/jira/browse/BEEHIVE-873
>      Project: Beehive
>         Type: Bug
>   Components: NetUI
>     Versions: v1m1, V1Beta, V1Alpha
>  Environment: Beehive SVN latest,
> Tomcat 5.5.7 and Tomcat 5.5.9
>     Reporter: Abdessattar Sassi
>     Assignee: Rich Feit
>  Attachments: session-patch.txt
>
> The application scenarion is as following:
> - A JSP calls an action in a page flow controller that does the logout from the application.
> - The pageflow logout action is as following:
>     /**
>      */
>     @Jpf.Action(
>             forwards = {
>                     @Jpf.Forward(name = "success", path = "/bye.html", redirect = true)
>             }
>     )
>     protected Forward doLogout() {
>         // Logout but if running with Single Sign-On in the app server, do not
>         // invalidate all the sessions.
>         // The current application session will be invalidated manually right
>         // after the logout.
>         logout(false);
>         HttpSession session = getRequest().getSession(false);
>         if (session != null) {
>             session.invalidate();
>         }
>         return new Forward("success");
>     }
> - The HTTP session get invalidated by the application, it actually also gets invalidated
by the Tomcat server adapter PageFlowValve in logout().
> - The request processing in PageFlowrequestProcessor,
> private void processInternal( HttpServletRequest request, HttpServletResponse response
)
> ends teh processing by calling the DeferredSessionStorageHandler  public void applyChanges(
RequestContext context ) method which does the following:
>         if ( changedAttrs != null )
>         {
>             HttpSession session = request.getSession();
> - The call to getSession() results in an attempt to create the Session object again even
though the response has been committed by Tomcat. Such conditions result in an IllegalStateException
thrown by Tomcat and an error page to the user.
> A suggested good behavior (to be validated by the beehive developers) is to obtain the
session without creating it and checking if a session exists or not before applying the changes:
>         if ( changedAttrs != null )
>         {
>             HttpSession session = request.getSession(false);
>             if ( session != null )
>             {
> A patch to the DeferredSessionStorageHandler  class is provided with this issue report.
The patch was tested and now the application works just like expected. After logout, the bye.html
page is displayed and no more session exists in the Tomcat server after logout.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira


Mime
View raw message