tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From bugzi...@apache.org
Subject DO NOT REPLY [Bug 40305] New: - The getSession() method returns invalid session.
Date Wed, 23 Aug 2006 12:03:04 GMT
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG·
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=40305>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND·
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=40305

           Summary: The getSession() method returns invalid session.
           Product: Tomcat 5
           Version: 5.5.17
          Platform: Other
        OS/Version: Windows XP
            Status: NEW
          Severity: normal
          Priority: P2
         Component: Catalina
        AssignedTo: tomcat-dev@jakarta.apache.org
        ReportedBy: suzuki.yuichiro@jp.fujitsu.com


I noticed that the counter "accessCount" of StandardSession is not synchronized 
to the session table of the Manager.
That cause a problem.

The Specification 2.4 says:
---
The session invalidation will not take effect until all servlets using that 
session have exited the service method.
---

The problem is:
1. First request creates a session.
2. Next request invokes getSession(false).
     In the Request#doGetSession() method,
        2.1. The manager's findSession() method is called.
        2.2. It is checked whether the session is valid by using the session's 
isValid() method.
     We assume that the current thread changes before StandardSession#access() 
is called. 
3. ManagerBase#processExpires() is called.
   In this timing, the session will be invalidated if the session is time-out,
   because the counter "accessCount" is 0.
4. StandardSession#access() is called with the former thread.
5. The getSession(false) method returns invalid session.

However, we were expecting Null or an valid session. 

I think that it is necessary to do some synchronous processing between 
accessCounter and the session table.

-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org


Mime
View raw message