tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 13954] New: - invalid session passed in HttpBindingEvent on valueUnbound
Date Thu, 24 Oct 2002 22:39:32 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13954>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://nagoya.apache.org/bugzilla/show_bug.cgi?id=13954

invalid session passed in HttpBindingEvent on valueUnbound

           Summary: invalid session passed in HttpBindingEvent on
                    valueUnbound
           Product: Tomcat 4
           Version: 4.0.4 Final
          Platform: PC
        OS/Version: Windows NT/2K
            Status: NEW
          Severity: Normal
          Priority: Other
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: plittle@vergecorp.com


When a timeout occurs, the HttpSession passed into valueUnbound() via the 
HttpBindingEvent contains an already invalidated HttpSession.  Since there is 
no lifecycle of an HttpSession defined in the servlet spec, I an guessing this 
is open to implementor's to decide.  I would *expect* all listeners to have 
their valueUnbound() methods called before the session they were attached to is 
actually invalidated by the Web Container.

A stacktrace below shows the timeline of events:
--------------------------------------------------

(D)-255- | Thu Oct 24 14:36:52 MDT 2002 | OnlineMonitor | valueUnbound | 
36838.1035489988143 | Entering
java.lang.Exception: getAttribute: Session already invalidated
        at com.vergecorp.util.Log.error(Log.java:445)
        at net.ejip.monitor.online.OnlineMonitor.valueUnbound
(OnlineMonitor.java:69)
        at org.apache.catalina.session.StandardSession.removeAttribute
(StandardSession.java:1073)
        at org.apache.catalina.session.StandardSession.expire
(StandardSession.java:596)
        at org.apache.catalina.session.StandardManager.processExpires
(StandardManager.java:755)
        at org.apache.catalina.session.StandardManager.run
(StandardManager.java:832)
        at java.lang.Thread.run(Thread.java:536)
(E) | Thu Oct 24 14:36:52 MDT 2002 | OnlineMonitor | valueUnbound | 
36838.1035489988143 | getAttribute: Session already invalidated



>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

StandardSession.expire() code has the setValid(true) method called too 
early!!!!  It should really be called after all of the valueUnbound() methods 
are called.  For instance, right before the expiring=false is set near the 
bottom of the method.

/**
     * Perform the internal processing required to invalidate this session,
     * without triggering an exception if the session has already expired.
     */
    public void expire() {

        // Mark this session as "being expired" if needed
        if (expiring)
            return;
        expiring = true;
        setValid(false);

        // Remove this session from our manager's active sessions
        if (manager != null)
            manager.remove(this);

        // Unbind any objects associated with this session
        String keys[] = keys();
        for (int i = 0; i < keys.length; i++)
            removeAttribute(keys[i]);

        // Notify interested session event listeners
        fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null);

        // Notify interested application event listeners
        // FIXME - Assumes we call listeners in reverse order
        StandardContext context = (StandardContext) manager.getContainer();
        Object listeners[] = context.getApplicationListeners();
        if (listeners != null) {
            HttpSessionEvent event =
              new HttpSessionEvent(getSession());
            for (int i = 0; i < listeners.length; i++) {
                int j = (listeners.length - 1) - i;
                if (!(listeners[j] instanceof HttpSessionListener))
                    continue;
                HttpSessionListener listener =
                    (HttpSessionListener) listeners[j];
                try {
                    context.fireContainerEvent("beforeSessionDestroyed",
                                               listener);
                    listener.sessionDestroyed(event);
                    context.fireContainerEvent("afterSessionDestroyed",
                                               listener);
                } catch (Throwable t) {
                    context.fireContainerEvent("afterSessionDestroyed",
                                               listener);
                    // FIXME - should we do anything besides log these?
                    log(sm.getString("standardSession.sessionEvent"), t);
                }
            }
        }

        // We have completed expire of this session
        expiring = false;
        if ((manager != null) && (manager instanceof ManagerBase)) {
            recycle();
        }

    }

--
To unsubscribe, e-mail:   <mailto:tomcat-dev-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-dev-help@jakarta.apache.org>


Mime
View raw message