ignite-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dmitry Karachentsev (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (IGNITE-3159) WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
Date Thu, 19 May 2016 11:57:12 GMT

     [ https://issues.apache.org/jira/browse/IGNITE-3159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dmitry Karachentsev resolved IGNITE-3159.
-----------------------------------------
    Resolution: Won't Fix
      Assignee: Vladimir Ozerov  (was: Dmitry Karachentsev)

> WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
> ---------------------------------------------------------------------------
>
>                 Key: IGNITE-3159
>                 URL: https://issues.apache.org/jira/browse/IGNITE-3159
>             Project: Ignite
>          Issue Type: Bug
>          Components: websession
>    Affects Versions: 1.5.0.final
>            Reporter: Vladimir Ozerov
>            Assignee: Vladimir Ozerov
>             Fix For: 1.7
>
>
> {{WebSessionFilter}} use HttpServletRequest.getRequestedSessionId() method to get session
ID.
> However, specification says that this method might return ID which is different from
ID of currently active session. E.g. when request is performed with ID of already invalidated
session. But we never account for this and pass this session ID to our session.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message