tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 28709] - javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid() returns true for an invalidated session!
Date Mon, 17 May 2004 11:40:22 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG 
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=28709>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND 
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=28709

javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid() returns true for an invalidated
session!

blumm@apache.org changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |
            Version|5.0.16                      |5.0.23



------- Additional Comments From blumm@apache.org  2004-05-17 11:40 -------
I still think there is a bug in Tomcat 5.x. BTW I wrote two test
web-applications, which will reproduce the problem for you. I have attached code   
for you. Please take a look at the readme for some instructions about
installation and execution.

Here some comments about the generell idea of the test:

Servlet 1 includes Servlet2 in a cross context environment. It gets a dispatcher
by "coServletContext.getRequestDispatcher(coServletPath)".
Servlet2 gets a new session on the first request and invalidates this session by
"httpSession.invalidate()" and tests the invalidation by
"httpServletRequestWrapper.isRequestedSessionIdValid()" on the second request.
"isRequestedSessionIdValid()" returns "true" instead of "false", which is a bug
 from my point of view.

What do you think? Thank you in advance for your help.

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message