You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bi...@apache.org on 2003/01/11 04:00:09 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/core Request.java
billbarker 2003/01/10 19:00:07
Modified: src/share/org/apache/tomcat/core Request.java
Log:
Make certain that the session still belong to us before returning it.
If the Servlet invalidates the session, and then later requests a new one, it is possible for the one we have to be valid because it is now being used by somebody else. Thus we have to make certain that it still belongs to us before returning it.
Real Fix for bug #15894
Reported By: Christian Wicke cwicke@ics.uci.edu
Revision Changes Path
1.116 +2 -0 jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java
Index: Request.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/core/Request.java,v
retrieving revision 1.115
retrieving revision 1.116
diff -u -r1.115 -r1.116
--- Request.java 27 Apr 2002 03:45:18 -0000 1.115
+++ Request.java 11 Jan 2003 03:00:06 -0000 1.116
@@ -714,6 +714,8 @@
public ServerSession getSession(boolean create) {
if (serverSession!=null && !serverSession.isValid())
serverSession=null;
+ if (serverSession != null && !serverSession.getId().equals(sessionId) )
+ serverSession=null;
if( ! create || serverSession!=null )
return serverSession;
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>