ignite-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Vladimir Ozerov (JIRA)" <j...@apache.org>
Subject [jira] [Created] (IGNITE-3159) WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
Date Wed, 18 May 2016 08:45:13 GMT
Vladimir Ozerov created IGNITE-3159:
---------------------------------------

             Summary: WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
                 Key: IGNITE-3159
                 URL: https://issues.apache.org/jira/browse/IGNITE-3159
             Project: Ignite
          Issue Type: Bug
          Components: websession
    Affects Versions: 1.5.0.final
            Reporter: Vladimir Ozerov
            Assignee: Dmitry Karachentsev
             Fix For: 1.7


{{WebSessionFilter}} use HttpServletRequest.getRequestedSessionId() method to get session
ID.

However, specification says that this method might return ID which is different from ID of
currently active session. E.g. when request is performed with ID of already invalidated session.
But we never account for this and pass this session ID to our session.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message