tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Stansberry <>
Subject Re: 9077 Patch
Date Mon, 24 Nov 2003 23:39:49 GMT
At 10:29 PM 11/24/2003 +0100, you wrote:
>Nelson, Luke wrote:
>>Hopefully Brian can take the patch I added, and test it under 5.0
>>since he indicated he was available to make the change.
>That would be good. I can apply a verified TC 5 patch tomorrow if you can post one. Otherwise,
the issue won't be fixed in 5.0.15.

Yes, I'm working on this and have integrated Luke's patch w/ the TC5 SSO version.  Had to
run out and fix a customer's broken network, but I'll be on this the rest of the day.

But, the IllegalStateException issue needs to be resolved.  Luke, your patch has no problem
in TC4 because the IllegalStateException in getLastAccessedTime() was added in TC5.  Off the
top of my head, I can think of only 1 potential workaround, which is to move the logic that
throws the exception to HttpSessionFacade; this complies with the javadoc version that specifies
the exception in javax.servlet.http.HttpSession but leaves the method in StandardSession available
for internal use anytime.  Kind of a hack, and it changes the behavior of the public API of
StandardSession.  But, the exception throw is not specified in the javadoc for interface o.a.c.Session,
and a quick look at the TC5 usages of o.a.c.Session.getLastAccessedTime() shows a few calls
to the method that 1) aren't making any obvious tests for session validity before invoking
it; and 2) aren't catching IllegalStateException.

2) ManagerBase.getLastAccessedTime()
3) PersistentValve.isSessionStale()

Or we can hope the final spec matches the JSR154-PFD3 javadoc, and not the J2EE1.4 docs on
the Sun site ;-)

Any thoughts?

Brian Stansberry
WAN Concepts, Inc.
Tel:    (510) 894-0114 x 116
Fax:    (510) 797-3005 

To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message