You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by "Craig R. McClanahan" <Cr...@eng.sun.com> on 2000/11/06 01:01:48 UTC

Re: Possible tomcat 3.2beta6 bug in session management

psomma@garda-access.com wrote:

> Hi,
>
> I have found a different session behavior between tomcat3.1 and
> tomcat3.2
>
> I have a code in a servlet that invalidates a session, if is present,
> and creates a new session.
> The servlet works without any problem with tomcat 3.1 but
> with tomcat 3.2 beta6 there is the following exception:
>
> javax.servlet.ServletException: java.lang.IllegalStateException: setAttribute: Session already invalidated
>         at com.ga.ify.web.WebFront.service(WebFront.java:169)
>         at javax.servlet.http.HttpServlet.service(HttpServlet.java:853)
> ...
>
> The code is:
>
>         HttpSession session;
>         if ((session = request.getSession(false)) != null) {
>             // invalidate the old session
>             session.invalidate();
>             session = null;
>         }
>         // creates the new session
>         session = request.getSession(true);
>         session.setMaxInactiveInterval(TIMEOUT * 60);
>
> There is a tomcat 3.2b6 bug ?
>

Yes it is ... or at least it was.  I just submitted a patch for this. 
Thanks for the bug report.

>
> Thanks for your attention
>
>                         Paolo Sommaruga
>

Craig McClanahan