tomcat-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Chris Wilson" <ch...@wondergeek.com>
Subject RE: HttpSession invalidate bug???
Date Thu, 23 May 2002 02:05:09 GMT
So can anyone tell me if this is a bug or not?  It doesn't seem to be
consistent with the servlet spec and javadocs.  Thanks!

Chris Wilson

chris@wondergeek.com
www.wondergeek.com

> -----Original Message-----
> From: Chris Wilson [mailto:chris@wondergeek.com]
> Sent: Tuesday, May 21, 2002 10:37 PM
> To: 'Tomcat Users List'
> Subject: RE: HttpSession invalidate bug???
> 
> Comments below...
> 
> Chris Wilson
> 
> Web Developer
> Andrews University
> cwilson@andrews.edu
> 
> > -----Original Message-----
> > From: Scott Judd [mailto:scottjudd@amered.com]
> > Sent: Tuesday, May 21, 2002 4:46 PM
> > To: Tomcat Users List
> > Subject: Re: [Off Topic] HttpSession invalidate bug???
> >
> > Chris, I can assure you that this is not a Tomcat issue. Let's try
to
> take
> > it off-list from here. I have attached some code inline to this post
> which
> > will hopefully address, if not fix, your problem. See below:
> >
> > ----- Original Message -----
> > From: "Chris Wilson" <chris@wondergeek.com>
> >
> > > Sure that makes sense, that's what I understood was happening...
I
> > > don't think that's the problem though.  I fully expect the session
> to be
> > > invalid.
> > >
> >
> > But remember that if you call session.invalidate() on an already
> > invalidated
> > session, it throws an IllegalStateException, which is symptomatic of
> the
> > problem you described. As a matter of fact, the session object is
null
> > after
> > being invalidated, whether programmatically or by the servlet
> container,
> > so
> > getting any properties from a null object will return unexpected
> results.
> > :)
> 
> I understand that you can't call session.invalidate() on an
invalidated
> session--the javadocs support your claim.  However, they do not say
you
> can't call getMaxInactiveInterval() on an invalid session (check them
> out).  Plus, your assertion that the session object is null doesn't
make
> sense, because I can successfully call session.getLastAccessedTime().
> That should throw a NullPointerException if the session is null,
however
> it doesn't for me.
> 
> Here try this HttpSessionListner you'll see what I'm talking about
> 
> import javax.servlet.http.HttpSessionListener;
> import javax.servlet.http.HttpSessionEvent;
> import javax.servlet.http.HttpSession;
> 
> public class TestListener implements HttpSessionListener {
> 
>   public void sessionCreated(HttpSessionEvent httpSessionEvent) {
>   }
> 
>   public void sessionDestroyed(HttpSessionEvent httpSessionEvent) {
>     // ok session should be invalid here...
>     // lets test some assertions
>     // let put it in a try block to catch any exceptions
>     try {
>       HttpSession session = httpSessionEvent.getSession();
> 
>       // lets make sure session is not null
>       System.out.println(session == null);
> 
>       // ok lets try last access time
>       // this SHOULD work even if session is invalid
>       // javadocs say it will...
>       System.out.println(session.getLastAccessedTime());
>       // ta-da it does
> 
>       // ok if that worked then this should work too
>       // javadocs do not say it throws IllegalStateException
>       System.out.println(session.getMaxInactiveInterval());
>       // whoops this busts...
>       // javadocs say this shouldn't happen
>       // Servlet spec (10.7) implies using this method to see if
>       // a session is invalid because of timeout as opposed
>       // to explicit call to session.invalidate();
> 
>       // now, we won't get here cause the above fails
>       // but just to see if the session is invalid
>       // lets call something that the javadocs DO say should
>       // throw IllegalStateException on an invalid session
>       session.invalidate();
>     } catch(Exception e) {
>       e.printStackTrace();
>     }
>   }
> }
> 
> >
> >
> > > I assume that you would do that with the
> > > following code...
> > >
> > > if((System.currentTimeMillis() - session.getLastAccessedTime())
> > >   > session.getMaxInactiveInterval()) {
> > >   // session timed out
> > > }
> >
> > Actually, I believe the correct convention here would be to use
> > getMaxInactiveInterval() when the session is valid, so that it's
still
> > *legal* to get attributes from the session. Ideally, you would do
this
> in
> > the valueUnbound() method of your listener class. I'm nearly
positive
> that
> > this is occurring through a getAttribute() call in the
ServletContext
> > class
> > of the servlet container (which also throws IllegalStateException).
> After
> > the servlet container invalidates the session, all future references
> to
> > the
> > session object will evaluate to null, thus causing the exception
that
> > you're
> > getting. Note that running this code snippet on WebSphere and JRun
> > produced
> > a similar result as Tomcat. It's just plain not a server issue.
> >
> > This statement would get you the same net effect as what you're
> describing
> > above:
> > if(session == null)
> > {
> >     //handle session timeout
> > }
> 
> The problem with your example is that it doesn't tell me if the
session
> is invalid because session.invalidate() was explicitly called or
because
> it timed out.  I hate to sound like a broken record, but the spec
(10.7)
> says determining the difference should be possible by calling methods
on
> the HttpSession (read it, you'll see).
> 
> Can any Tomcat developers weigh in on this?
> 
> Thanks for all your help!
> 
> 
> --
> To unsubscribe, e-mail:   <mailto:tomcat-user-
> unsubscribe@jakarta.apache.org>
> For additional commands, e-mail: <mailto:tomcat-user-
> help@jakarta.apache.org>



--
To unsubscribe, e-mail:   <mailto:tomcat-user-unsubscribe@jakarta.apache.org>
For additional commands, e-mail: <mailto:tomcat-user-help@jakarta.apache.org>


Mime
View raw message