Posted to dev@tomcat.apache.org by ma...@apache.org on 2010/11/23 18:59:49 UTC
svn commit: r1038235 - in /tomcat/trunk/webapps: docs/changelog.xml
manager/WEB-INF/jsp/sessionDetail.jsp
Author: markt
Date: Tue Nov 23 17:59:49 2010
New Revision: 1038235
URL: http://svn.apache.org/viewvc?rev=1038235&view=rev
Log:
Fix https://issues.apache.org/bugzilla/show_bug.cgi?id=50318
Avoid NPE when viewing session detail for expired sessions
Modified:
tomcat/trunk/webapps/docs/changelog.xml
tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
Modified: tomcat/trunk/webapps/docs/changelog.xml
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/docs/changelog.xml?rev=1038235&r1=1038234&r2=1038235&view=diff
==============================================================================
--- tomcat/trunk/webapps/docs/changelog.xml (original)
+++ tomcat/trunk/webapps/docs/changelog.xml Tue Nov 23 17:59:49 2010
@@ -290,31 +290,35 @@
Improve Tomcat Logging documentation. (kkolinko)
</update>
<fix>
- <bug>50303</bug>: Update JNDI how-to to reflect new JavaMail download
- location and that JAF is now included in Java SE 6. (markt)
+ <bug>50303</bug>: Update JNDI how-to to reflect the new JavaMail
+ download location and that JAF is now included in Java SE 6. (markt)
</fix>
<fix>
- Fix ordering functionality on sessions page for HTML Manager
+ Fix ordering functionality on sessions page for the HTML Manager
application. (markt)
</fix>
<fix>
- Fix primary sessions not always being treated as such in HTML Manager
- application. (markt)
+ Fix primary sessions not always being treated as such in the HTML
+ Manager application. (markt)
</fix>
<fix>
- Fix message not being displayed after session attribute removal in HTML
- Manager application. (markt)
+ Fix message not being displayed after session attribute removal in the
+ HTML Manager application. (markt)
</fix>
<fix>
- <bug>50310</bug>: Fix display of Servlet information in Manager
+ <bug>50310</bug>: Fix display of Servlet information in the Manager
application. (markt)
</fix>
<fix>
- CVE-2010-4172: Multiple XSS in Manager application. (markt/kkolinko)
+ CVE-2010-4172: Multiple XSS in the Manager application. (markt/kkolinko)
</fix>
<fix>
- <bug>50316</bug>: Fix display of negative values in Manager application.
- (kkolinko)
+ <bug>50316</bug>: Fix display of negative values in the Manager
+ application. (kkolinko)
+ </fix>
+ <fix>
+ <bug>50318</bug>: Avoid NPE when trying to view session detail for an
+ expired session in the Manager application. (markt)
</fix>
</changelog>
</subsection>
Modified: tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp
URL: http://svn.apache.org/viewvc/tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp?rev=1038235&r1=1038234&r2=1038235&view=diff
==============================================================================
--- tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp (original)
+++ tomcat/trunk/webapps/manager/WEB-INF/jsp/sessionDetail.jsp Tue Nov 23 17:59:49 2010
@@ -32,8 +32,14 @@
String version = (String) request.getAttribute("version");
ContextName cn = new ContextName(path, version);
Session currentSession = (Session)request.getAttribute("currentSession");
- HttpSession currentHttpSession = currentSession.getSession();
- String currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ String currentSessionId = null;
+ HttpSession currentHttpSession = null;
+ if (currentSession != null) {
+ currentHttpSession = currentSession.getSession();
+ currentSessionId = JspHelper.escapeXml(currentSession.getId());
+ } else {
+ currentSessionId = "Session invalidated";
+ }
String submitUrl = JspHelper.escapeXml(response.encodeURL(
((HttpServletRequest) pageContext.getRequest()).getRequestURI() +
"?path=" + path + "&version=" + version));
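Review bot: The new `if (currentSession != null)` guard only covers the case where no session was found; a session that expires after that lookup is still non-null here. The later calls on `currentHttpSession` (for example `getAttributeNames()` in the next hunk) can then throw `IllegalStateException` under the Servlet API contract for invalidated sessions. Consider narrowing the window with `if (currentSession != null && currentSession.isValid()) {` and treating the invalid case like the null case. Separately, the else branch stores the status text "Session invalidated" in `currentSessionId`, so the page title reads "details for Session invalidated"; a separate message variable would keep IDs and messages apart. The scriptlet starts before this hunk, so how `currentSession` is populated is not visible here.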
@@ -50,118 +56,122 @@
<title>Sessions Administration: details for <%= currentSessionId %></title>
</head>
<body>
-<h1>Details for Session <%= currentSessionId %></h1>
-
-<table style="text-align: left;" border="0">
- <tr>
- <th>Session Id</th>
- <td><%= currentSessionId %></td>
- </tr>
- <tr>
- <th>Guessed Locale</th>
- <td><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
- </tr>
- <tr>
- <th>Guessed User</th>
- <td><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
- </tr>
- <tr>
- <th>Creation Time</th>
- <td><%= JspHelper.getDisplayCreationTimeForSession(currentSession) %></td>
- </tr>
- <tr>
- <th>Last Accessed Time</th>
- <td><%= JspHelper.getDisplayLastAccessedTimeForSession(currentSession) %></td>
- </tr>
- <tr>
- <th>Session Max Inactive Interval</th>
- <td><%= JspHelper.secondsToTimeString(currentSession.getMaxInactiveInterval()) %></td>
- </tr>
- <tr>
- <th>Used Time</th>
- <td><%= JspHelper.getDisplayUsedTimeForSession(currentSession) %></td>
- </tr>
- <tr>
- <th>Inactive Time</th>
- <td><%= JspHelper.getDisplayInactiveTimeForSession(currentSession) %></td>
- </tr>
- <tr>
- <th>TTL</th>
- <td><%= JspHelper.getDisplayTTLForSession(currentSession) %></td>
- </tr>
-</table>
-
-<form method="post" action="<%= submitUrl %>">
- <div>
- <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
- <input type="hidden" name="action" value="sessionDetail" />
- <%
- if ("Primary".equals(request.getParameter("sessionType"))) {
- %>
- <input type="hidden" name="sessionType" value="Primary" />
- <%
- }
- %> <input type="submit" value="Refresh" />
- </div>
-</form>
-
-<div class="error"><%= JspHelper.escapeXml(request.getAttribute("error")) %></div>
-<div class="message"><%= JspHelper.escapeXml(request.getAttribute("message")) %></div>
-
-<table style="text-align: left;" border="1" cellpadding="2" cellspacing="2">
-<% int nAttributes = 0;
- Enumeration attributeNamesEnumeration = currentHttpSession.getAttributeNames();
- while (attributeNamesEnumeration.hasMoreElements()) {
- attributeNamesEnumeration.nextElement();
- ++nAttributes;
- }
-%>
- <caption style="font-variant: small-caps;"><%= JspHelper.formatNumber(nAttributes) %> attributes</caption>
- <thead>
- <tr>
- <th>Remove Attribute</th>
- <th>Attribute name</th>
- <th>Attribute value</th>
- </tr>
- </thead>
- <%--tfoot>
- <tr>
- <td colspan="3" style="text-align: center;">
- TODO: set Max Inactive Interval on sessions
- </td>
- </tr>
- </tfoot--%>
- <tbody>
-<% attributeNamesEnumeration = currentHttpSession.getAttributeNames();
- while (attributeNamesEnumeration.hasMoreElements()) {
- String attributeName = (String) attributeNamesEnumeration.nextElement();
-%>
- <tr>
- <td align="center">
- <form method="post" action="<%= submitUrl %>">
- <div>
- <input type="hidden" name="action" value="removeSessionAttribute" />
- <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
- <input type="hidden" name="attributeName" value="<%= JspHelper.escapeXml(attributeName) %>" />
- <%
- if ("Primary".equals(request.getParameter("sessionType"))) {
- %>
- <input type="submit" value="Remove" />
- <input type="hidden" name="sessionType" value="Primary" />
- <%
- } else {
- out.print("Primary sessions only");
- }
- %>
- </div>
- </form>
- </td>
- <td><%= JspHelper.escapeXml(attributeName) %></td>
- <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
- </tr>
-<% } // end while %>
- </tbody>
-</table>
+<% if (currentHttpSession == null) { %>
+ <h1><%=currentSessionId%></h1>
+<% } else { %>
+ <h1>Details for Session <%= currentSessionId %></h1>
+
+ <table style="text-align: left;" border="0">
+ <tr>
+ <th>Session Id</th>
+ <td><%= currentSessionId %></td>
+ </tr>
+ <tr>
+ <th>Guessed Locale</th>
+ <td><%= JspHelper.guessDisplayLocaleFromSession(currentSession) %></td>
+ </tr>
+ <tr>
+ <th>Guessed User</th>
+ <td><%= JspHelper.guessDisplayUserFromSession(currentSession) %></td>
+ </tr>
+ <tr>
+ <th>Creation Time</th>
+ <td><%= JspHelper.getDisplayCreationTimeForSession(currentSession) %></td>
+ </tr>
+ <tr>
+ <th>Last Accessed Time</th>
+ <td><%= JspHelper.getDisplayLastAccessedTimeForSession(currentSession) %></td>
+ </tr>
+ <tr>
+ <th>Session Max Inactive Interval</th>
+ <td><%= JspHelper.secondsToTimeString(currentSession.getMaxInactiveInterval()) %></td>
+ </tr>
+ <tr>
+ <th>Used Time</th>
+ <td><%= JspHelper.getDisplayUsedTimeForSession(currentSession) %></td>
+ </tr>
+ <tr>
+ <th>Inactive Time</th>
+ <td><%= JspHelper.getDisplayInactiveTimeForSession(currentSession) %></td>
+ </tr>
+ <tr>
+ <th>TTL</th>
+ <td><%= JspHelper.getDisplayTTLForSession(currentSession) %></td>
+ </tr>
+ </table>
+
+ <form method="post" action="<%= submitUrl %>">
+ <div>
+ <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
+ <input type="hidden" name="action" value="sessionDetail" />
+ <%
+ if ("Primary".equals(request.getParameter("sessionType"))) {
+ %>
+ <input type="hidden" name="sessionType" value="Primary" />
+ <%
+ }
+ %> <input type="submit" value="Refresh" />
+ </div>
+ </form>
+
+ <div class="error"><%= JspHelper.escapeXml(request.getAttribute("error")) %></div>
+ <div class="message"><%= JspHelper.escapeXml(request.getAttribute("message")) %></div>
+
+ <table style="text-align: left;" border="1" cellpadding="2" cellspacing="2">
+ <% int nAttributes = 0;
+ Enumeration attributeNamesEnumeration = currentHttpSession.getAttributeNames();
+ while (attributeNamesEnumeration.hasMoreElements()) {
+ attributeNamesEnumeration.nextElement();
+ ++nAttributes;
+ }
+ %>
+ <caption style="font-variant: small-caps;"><%= JspHelper.formatNumber(nAttributes) %> attributes</caption>
+ <thead>
+ <tr>
+ <th>Remove Attribute</th>
+ <th>Attribute name</th>
+ <th>Attribute value</th>
+ </tr>
+ </thead>
+ <%--tfoot>
+ <tr>
+ <td colspan="3" style="text-align: center;">
+ TODO: set Max Inactive Interval on sessions
+ </td>
+ </tr>
+ </tfoot--%>
+ <tbody>
+ <% attributeNamesEnumeration = currentHttpSession.getAttributeNames();
+ while (attributeNamesEnumeration.hasMoreElements()) {
+ String attributeName = (String) attributeNamesEnumeration.nextElement();
+ %>
+ <tr>
+ <td align="center">
+ <form method="post" action="<%= submitUrl %>">
+ <div>
+ <input type="hidden" name="action" value="removeSessionAttribute" />
+ <input type="hidden" name="sessionId" value="<%= currentSessionId %>" />
+ <input type="hidden" name="attributeName" value="<%= JspHelper.escapeXml(attributeName) %>" />
+ <%
+ if ("Primary".equals(request.getParameter("sessionType"))) {
+ %>
+ <input type="submit" value="Remove" />
+ <input type="hidden" name="sessionType" value="Primary" />
+ <%
+ } else {
+ out.print("Primary sessions only");
+ }
+ %>
+ </div>
+ </form>
+ </td>
+ <td><%= JspHelper.escapeXml(attributeName) %></td>
+ <td><% Object attributeValue = currentHttpSession.getAttribute(attributeName); %><span title="<%= attributeValue == null ? "" : attributeValue.getClass().toString() %>"><%= JspHelper.escapeXml(attributeValue) %></span></td>
+ </tr>
+ <% } // end while %>
+ </tbody>
+ </table>
+<% } // endif%>
<form method="post" action="<%=submitUrl%>">
<p style="text-align: center;">
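Review bot: In the attribute-value row, the `title` attribute is filled from `attributeValue.getClass().toString()` without `JspHelper.escapeXml`, while every other value on that row is escaped. Class names are rarely attacker-influenced, but because the Manager renders objects stored by deployed applications, escaping it keeps the page consistent: `<span title="<%= attributeValue == null ? "" : JspHelper.escapeXml(attributeValue.getClass().toString()) %>">`. The "Guessed Locale" and "Guessed User" cells print the return values of `JspHelper.guessDisplayLocaleFromSession` and `guessDisplayUserFromSession` directly. Whether those helpers escape internally cannot be seen from this hunk, so that should be confirmed, since the guessed user is presumably derived from session contents. These lines are only re-indented by this commit, so the behaviour predates it.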