Return-Path: 
 <beehive-dev-return-6701-apmail-incubator-beehive-dev-archive=incubator.apache.org@incubator.apache.org>
Delivered-To: apmail-incubator-beehive-dev-archive@www.apache.org
Received: (qmail 53754 invoked from network); 3 Aug 2005 13:55:17 -0000
Received: from hermes.apache.org (HELO mail.apache.org) (209.237.227.199)
  by minotaur.apache.org with SMTP; 3 Aug 2005 13:55:17 -0000
Received: (qmail 15351 invoked by uid 500); 3 Aug 2005 13:55:16 -0000
Delivered-To: apmail-incubator-beehive-dev-archive@incubator.apache.org
Received: (qmail 15328 invoked by uid 500); 3 Aug 2005 13:55:16 -0000
Mailing-List: contact beehive-dev-help@incubator.apache.org; run by ezmlm
Precedence: bulk
List-Help: <mailto:beehive-dev-help@incubator.apache.org>
List-Unsubscribe: <mailto:beehive-dev-unsubscribe@incubator.apache.org>
List-Post: <mailto:beehive-dev@incubator.apache.org>
List-Id: <beehive-dev.incubator.apache.org>
Reply-To: "Beehive Developers" <beehive-dev@incubator.apache.org>
Delivered-To: mailing list beehive-dev@incubator.apache.org
Received: (qmail 15315 invoked by uid 99); 3 Aug 2005 13:55:15 -0000
X-ASF-Spam-Status: No, hits=0.0 required=10.0
	tests=SPF_FAIL
X-Spam-Check-By: apache.org
Received: from [192.87.106.226] (HELO ajax.apache.org) (192.87.106.226)
    by apache.org (qpsmtpd/0.29) with ESMTP; Wed, 03 Aug 2005 06:55:03 -0700
Received: from ajax.apache.org (ajax.apache.org [127.0.0.1])
	by ajax.apache.org (Postfix) with ESMTP id EFE37DF
	for <beehive-dev@incubator.apache.org>;
 Wed,  3 Aug 2005 15:54:59 +0200 (CEST)
Message-ID: <398281120.1123077299980.JavaMail.jira@ajax.apache.org>
Date: Wed, 3 Aug 2005 15:54:59 +0200 (CEST)
From: "Abdessattar Sassi (JIRA)" <beehive-dev@incubator.apache.org>
To: beehive-dev@incubator.apache.org
Subject: [jira] Updated: (BEEHIVE-873) HTTP session gets created after the
 pageflow application invalidates it (logout) and the response is committed,
 resulting in IllegalStateException
In-Reply-To: <1627998019.1123077282480.JavaMail.jira@ajax.apache.org>
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 7bit
X-Virus-Checked: Checked by ClamAV on apache.org
X-Spam-Rating: minotaur.apache.org 1.6.2 0/1000/N

     [ http://issues.apache.org/jira/browse/BEEHIVE-873?page=all ]

Abdessattar Sassi updated BEEHIVE-873:
--------------------------------------

    Attachment: session-patch.txt

Patch to DeferredSessionStorageHandler  class to fix the session access issue.

> HTTP session gets created after the pageflow application invalidates it (logout) and the response is committed, resulting in IllegalStateException
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
>          Key: BEEHIVE-873
>          URL: http://issues.apache.org/jira/browse/BEEHIVE-873
>      Project: Beehive
>         Type: Bug
>   Components: NetUI
>     Versions: v1m1, V1Beta, V1Alpha
>  Environment: Beehive SVN latest,
> Tomcat 5.5.7 and Tomcat 5.5.9
>     Reporter: Abdessattar Sassi
>  Attachments: session-patch.txt
>
> The application scenarion is as following:
> - A JSP calls an action in a page flow controller that does the logout from the application.
> - The pageflow logout action is as following:
>     /**
>      */
>     @Jpf.Action(
>             forwards = {
>                     @Jpf.Forward(name = "success", path = "/bye.html", redirect = true)
>             }
>     )
>     protected Forward doLogout() {
>         // Logout but if running with Single Sign-On in the app server, do not
>         // invalidate all the sessions.
>         // The current application session will be invalidated manually right
>         // after the logout.
>         logout(false);
>         HttpSession session = getRequest().getSession(false);
>         if (session != null) {
>             session.invalidate();
>         }
>         return new Forward("success");
>     }
> - The HTTP session get invalidated by the application, it actually also gets invalidated by the Tomcat server adapter PageFlowValve in logout().
> - The request processing in PageFlowrequestProcessor,
> private void processInternal( HttpServletRequest request, HttpServletResponse response )
> ends teh processing by calling the DeferredSessionStorageHandler  public void applyChanges( RequestContext context ) method which does the following:
>         if ( changedAttrs != null )
>         {
>             HttpSession session = request.getSession();
> - The call to getSession() results in an attempt to create the Session object again even though the response has been committed by Tomcat. Such conditions result in an IllegalStateException thrown by Tomcat and an error page to the user.
> A suggested good behavior (to be validated by the beehive developers) is to obtain the session without creating it and checking if a session exists or not before applying the changes:
>         if ( changedAttrs != null )
>         {
>             HttpSession session = request.getSession(false);
>             if ( session != null )
>             {
> A patch to the DeferredSessionStorageHandler  class is provided with this issue report. The patch was tested and now the application works just like expected. After logout, the bye.html page is displayed and no more session exists in the Tomcat server after logout.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
   http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
   http://www.atlassian.com/software/jira