You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@felix.apache.org by "Carsten Ziegeler (Jira)" <ji...@apache.org> on 2022/02/20 12:37:00 UTC
[jira] [Closed] (FELIX-6504) HttpSessionWrapper getId() throws unexpected IllegalStateException
[ https://issues.apache.org/jira/browse/FELIX-6504?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Carsten Ziegeler closed FELIX-6504.
-----------------------------------
> HttpSessionWrapper getId() throws unexpected IllegalStateException
> ------------------------------------------------------------------
>
> Key: FELIX-6504
> URL: https://issues.apache.org/jira/browse/FELIX-6504
> Project: Felix
> Issue Type: Bug
> Components: HTTP Service
> Affects Versions: http.jetty-4.1.14, http.bridge-4.1.6, http.base-4.1.6
> Reporter: Steven Huypens
> Assignee: Carsten Ziegeler
> Priority: Minor
> Fix For: http.jetty-4.2.0, http.base-4.2.0, http.bridge-4.2.0
>
>
> When using Spring's SecurityContextLogoutHandler, I ran into an IllegalStateException because of this code
>
> {code:java}
> HttpSession session = request.getSession(false);
> if (session != null) {
> session.invalidate();
> if (this.logger.isDebugEnabled()) {
> this.logger.debug(LogMessage.format("Invalidated session %s", session.getId()));
> }
> } {code}
> Looking at the HttpSessionWrapper.java this makes sense
> {code}
> @Override
> public String getId()
> {
> this.checkInvalid();
> if ( this.config.isUniqueSessionId() )
> {
> return this.delegate.getId().concat("-").concat(this.sessionId);
> }
> return this.delegate.getId();
> }
> {code}
> The Spring code assumes session.getId() can safely be called, even after the session has been invalidated. I'm not sure where to look for the specs, but I think that assumption is correct.
--
This message was sent by Atlassian Jira
(v8.20.1#820001)