You are viewing a plain text version of this content. The canonical link for it is here.
Posted to users@wicket.apache.org by Rakesh A <ia...@rediffmail.com> on 2018/04/03 12:24:45 UTC
Re: NPE on session invalidation
I see the ticket https://issues.apache.org/jira/browse/WICKET-6547 closed as
'resolved' with resolution 'not a problem'. Instead of reopening it I wanted
to discuss the usecase here and decide on re-opening.
Is is allowed to call 'Session.isSessionInvalidated()' from
'WebSession.onInvalidate()' ?
Java doc doesn't say much about its usage (when to or When not to).
We are using #onInvalidate() as a hook to do some cleanup. With 6.29.0
because of a call to isSessionInvlaidated() we get a NullPointerException.
WICKET-6547.7z
<http://apache-wicket.1842946.n4.nabble.com/file/t374719/WICKET-6547.7z>
Regards,
Rakesh.A
--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: NPE on session invalidation
Posted by Emond Papegaaij <em...@topicus.nl>.
I think it should be enough to change the javadoc. The method returns
true when the session was invalidated *during the current request*.
Without a request there is no way of telling whether the session is
invalidated or not. IMHO throwing an exception is fine, but this
behavior should be documented. If a default must be chosen, I'd opt
for false not true. Without a request there is no way the session can
be marked for invalidation, so it should not return true.
Best regards,
Emond
On Tue, Apr 3, 2018 at 5:42 PM, Martin Grigorov <mg...@apache.org> wrote:
> On Tue, Apr 3, 2018 at 4:17 PM, Rakesh A <ia...@rediffmail.com> wrote:
>
>> Actually, we've bit more complex scenario I should say; we've multiple
>> webapps running on tomcat with SSO valve configured; which means logout on
>> one application kills the session on other applications and we've session
>> implementation class with logout & session invalidation handling.
>> In both cases logout/invalidate, we try to do some cleanup (at a high level
>> both call one method), which has this check 'isSessionInvalidated()' before
>> proceeding with cleanup.
>>
>
> You didn't answer my question (or I didn't understand your answer).
> Why do you need to use "isSessionInvalidated()" in your cleanup method ?
> Is the cleanup method called in some other cases ? If it is just called by
> logout/onInvalidate then there is no need to check "isSessionInvalidated()".
>
> But I agree that isSessionInvalidated should be improved to return true if
> there is no RequestCycle. If there is no RequestCycle then there is no
> Request, so there is no Session. But then the name would be confusing - one
> cannot be sure whether there was no session on first place or it has been
> invalidated.
> In any case this method is public and there is nothing saying that it is an
> internal API, so there should not be any assumptions.
>
>
>>
>> Regards,
>> Rakesh.A
>>
>> --
>> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-
>> f1842947.html
>>
>> ---------------------------------------------------------------------
>> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
>> For additional commands, e-mail: users-help@wicket.apache.org
>>
>>
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: NPE on session invalidation
Posted by Rakesh A <ia...@rediffmail.com>.
Hi,
Sorry for a delayed reply, didn't had chance to work on it till today.
Martin Grigorov-4 wrote
> You didn't answer my question (or I didn't understand your answer).
> Why do you need to use "isSessionInvalidated()" in your cleanup method ?
> Is the cleanup method called in some other cases ? If it is just called by
> logout/onInvalidate then there is no need to check
> "isSessionInvalidated()".
Yes, mentioned cleanup method is called in few other cases as well.
I managed to avoid a call to "isSessionInvalidated()" during session
invalidation by doing small refactoring of our implementation.
Regards,
Rakesh.A
--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: NPE on session invalidation
Posted by Martin Grigorov <mg...@apache.org>.
On Tue, Apr 3, 2018 at 4:17 PM, Rakesh A <ia...@rediffmail.com> wrote:
> Actually, we've bit more complex scenario I should say; we've multiple
> webapps running on tomcat with SSO valve configured; which means logout on
> one application kills the session on other applications and we've session
> implementation class with logout & session invalidation handling.
> In both cases logout/invalidate, we try to do some cleanup (at a high level
> both call one method), which has this check 'isSessionInvalidated()' before
> proceeding with cleanup.
>
You didn't answer my question (or I didn't understand your answer).
Why do you need to use "isSessionInvalidated()" in your cleanup method ?
Is the cleanup method called in some other cases ? If it is just called by
logout/onInvalidate then there is no need to check "isSessionInvalidated()".
But I agree that isSessionInvalidated should be improved to return true if
there is no RequestCycle. If there is no RequestCycle then there is no
Request, so there is no Session. But then the name would be confusing - one
cannot be sure whether there was no session on first place or it has been
invalidated.
In any case this method is public and there is nothing saying that it is an
internal API, so there should not be any assumptions.
>
> Regards,
> Rakesh.A
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-
> f1842947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>
Re: NPE on session invalidation
Posted by Rakesh A <ia...@rediffmail.com>.
Actually, we've bit more complex scenario I should say; we've multiple
webapps running on tomcat with SSO valve configured; which means logout on
one application kills the session on other applications and we've session
implementation class with logout & session invalidation handling.
In both cases logout/invalidate, we try to do some cleanup (at a high level
both call one method), which has this check 'isSessionInvalidated()' before
proceeding with cleanup.
Regards,
Rakesh.A
--
Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842947.html
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
For additional commands, e-mail: users-help@wicket.apache.org
Re: NPE on session invalidation
Posted by Martin Grigorov <mg...@apache.org>.
Hi,
On Tue, Apr 3, 2018 at 3:24 PM, Rakesh A <ia...@rediffmail.com> wrote:
> I see the ticket https://issues.apache.org/jira/browse/WICKET-6547 closed
> as
> 'resolved' with resolution 'not a problem'. Instead of reopening it I
> wanted
> to discuss the usecase here and decide on re-opening.
>
> Is is allowed to call 'Session.isSessionInvalidated()' from
> 'WebSession.onInvalidate()' ?
> Java doc doesn't say much about its usage (when to or When not to).
>
I agree that more information should be added to the javadoc!
>
> We are using #onInvalidate() as a hook to do some cleanup. With 6.29.0
> because of a call to isSessionInvlaidated() we get a NullPointerException.
>
Why do you use "isSessionInvlaidated()" ?
Since "onInvalidate()" is called that means the Session is no more valid.
What extra information do you get from isSessionInvlaidated() ?
> WICKET-6547.7z
> <http://apache-wicket.1842946.n4.nabble.com/file/t374719/WICKET-6547.7z>
>
> Regards,
> Rakesh.A
>
> --
> Sent from: http://apache-wicket.1842946.n4.nabble.com/Users-forum-f1842
> 947.html
>
> ---------------------------------------------------------------------
> To unsubscribe, e-mail: users-unsubscribe@wicket.apache.org
> For additional commands, e-mail: users-help@wicket.apache.org
>
>