tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40111] New: - HttpSession's getLastAccessedTime() does not always return previous request's access time
Date Wed, 26 Jul 2006 06:46:42 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40111>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40111

           Summary: HttpSession's getLastAccessedTime() does not always
                    return previous request's access time
           Product: Tomcat 5
           Version: 5.5.17
          Platform: Other
        OS/Version: Windows 2000
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: dies@jp.fujitsu.com


I noticed a difference in behaviour between Tomcat 4.1 and Tomcat 5.5.17, of the
getLastAccessedTime() method of HttpSession.
In Tomcat 5.5.17, this method returns the time of the last request (before the
current one) that actually accesses the session.
In Tomcat 4.1, it returns the time of the last request that was part of the session.

This means, that if you create a session in servlet A, the user then calls a
servlet B that does not call the getSession method, and then goes to a servlet C
to check getLastAccessedTime()'s value, it will get the time of the request to
servlet A in Tomcat 5.5.17, and B in Tomcat 4.1.

<Servlet spec (2.3 and 2.4) quote>
The getLastAccessedTime method of the HttpSession interface allows a servlet to
determine the last time the session was accessed before the current request. The
session is considered to be accessed when a request that is part of the session
is first handled by the servlet container.
</quote>

Based on the first sentence I'd expect to get the access time of servlet A, but
with the definition of "to be accessed" in the second sentence I'd expect to get
the access time of servlet B.

Either way, if I use the response.encodeURL method in servlet B, Tomcat 5.5.17
will give me the same result as Tomcat 4.1. Therefore I think this is a bug and
not a change of interpretation of the spec.
#encodeURL leads to an update of the lastAccessed field:
	StandardSession.access() line: 608	
	Request.doGetSession(boolean) line: 2203	
	Request.getSessionInternal(boolean) line: 2169	
	Response.isEncodeable(String) line: 1362	
	Response.encodeURL(String) line: 1092	
	ResponseFacade.encodeURL(String) line: 363	
	MySession.doGet(HttpServletRequest, HttpServletResponse) line: 35	

I will try to attach my test application, which also includes a png image of a
sequence diagram in which I try to explain what I am doing.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message