Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Message-ID: <3A05F4EC.3489C76D@eng.sun.com>
Date: Sun, 05 Nov 2000 16:01:48 -0800
From: "Craig R. McClanahan" <Craig.McClanahan@eng.sun.com>
MIME-Version: 1.0
To: tomcat-dev@jakarta.apache.org
Subject: Re: Possible tomcat 3.2beta6 bug in session management
References: 
 <463436231.971425990071.JavaMail.root@porquerolles.garda-access.com>
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 7bit

psomma@garda-access.com wrote:

> Hi,
>
> I have found a different session behavior between tomcat3.1 and
> tomcat3.2
>
> I have a code in a servlet that invalidates a session, if is present,
> and creates a new session.
> The servlet works without any problem with tomcat 3.1 but
> with tomcat 3.2 beta6 there is the following exception:
>
> javax.servlet.ServletException: java.lang.IllegalStateException: setAttribute: Session already invalidated
>         at com.ga.ify.web.WebFront.service(WebFront.java:169)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> ...
>
> The code is:
>
>         HttpSession session;
>         if ((session = request.getSession(false)) != null) {
>             // invalidate the old session
>             session.invalidate();
>             session = null;
>         }
>         // creates the new session
>         session = request.getSession(true);
>         session.setMaxInactiveInterval(TIMEOUT * 60);
>
> There is a tomcat 3.2b6 bug ?
>

Yes it is ... or at least it was.  I just submitted a patch for this. 
Thanks for the bug report.

>
> Thanks for your attention
>
>                         Paolo Sommaruga
>

Craig McClanahan