shale-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Bernhard Huemer (JIRA)" <j...@apache.org>
Subject [jira] Created: (SHALE-461) TokenProcessor bypasses HttpSession.setAttribute()
Date Sun, 05 Aug 2007 17:37:38 GMT
TokenProcessor bypasses HttpSession.setAttribute()
--------------------------------------------------

                 Key: SHALE-461
                 URL: https://issues.apache.org/struts/browse/SHALE-461
             Project: Shale
          Issue Type: Bug
          Components: Core
            Reporter: Bernhard Huemer
            Priority: Trivial


The TokenProcessor (org.apache.shale.util.Tokenprocessor) saves the generated Token in a Set,
which itself is saved in the session. The problem is that there is no additional call to setAttribute
(i.e. no additional call to sessionMap.put) but that's a requirement for a server which wants
to replicate only the deltas of a session. However, I was never confronted to this problem
as I've never used Shale in a distributed environment. This report is just based on my understanding
of session replication so please correct me if I'm wrong.

/// TokenProcessor.java, line 87

// Store the generated value for later verification
Set set = (Set)
  context.getExternalContext().getSessionMap().get(ShaleConstants.TOKENS);
if (set == null) {
    set = new HashSet();
    context.getExternalContext().getSessionMap().put(ShaleConstants.TOKENS, set);
}
set.add(token);

\\\

The following modification should work.

///

// Store the generated value for later verification
Set set = (Set)
  context.getExternalContext().getSessionMap().get(ShaleConstants.TOKENS);
if (set == null) {
    set = new HashSet();
}
set.add(token);
context.getExternalContext().getSessionMap().put(ShaleConstants.TOKENS, set);

\\\


-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.


Mime
View raw message