You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@beehive.apache.org by "Rich Feit (JIRA)" <be...@incubator.apache.org> on 2005/08/10 17:48:45 UTC
[jira] Resolved: (BEEHIVE-873) HTTP session gets created after the pageflow application invalidates it (logout) and the response is committed, resulting in IllegalStateException
[ http://issues.apache.org/jira/browse/BEEHIVE-873?page=all ]
Rich Feit resolved BEEHIVE-873:
-------------------------------
Resolution: Fixed
Assign To: Alejandro Ramirez (was: Rich Feit)
Fixed with revision 231272. Thanks for investigating.
> HTTP session gets created after the pageflow application invalidates it (logout) and the response is committed, resulting in IllegalStateException
> --------------------------------------------------------------------------------------------------------------------------------------------------
>
> Key: BEEHIVE-873
> URL: http://issues.apache.org/jira/browse/BEEHIVE-873
> Project: Beehive
> Type: Bug
> Components: NetUI
> Versions: v1m1, V1Beta, V1Alpha
> Environment: Beehive SVN latest,
> Tomcat 5.5.7 and Tomcat 5.5.9
> Reporter: Abdessattar Sassi
> Assignee: Alejandro Ramirez
> Attachments: session-patch.txt
>
> The application scenarion is as following:
> - A JSP calls an action in a page flow controller that does the logout from the application.
> - The pageflow logout action is as following:
> /**
> */
> @Jpf.Action(
> forwards = {
> @Jpf.Forward(name = "success", path = "/bye.html", redirect = true)
> }
> )
> protected Forward doLogout() {
> // Logout but if running with Single Sign-On in the app server, do not
> // invalidate all the sessions.
> // The current application session will be invalidated manually right
> // after the logout.
> logout(false);
> HttpSession session = getRequest().getSession(false);
> if (session != null) {
> session.invalidate();
> }
> return new Forward("success");
> }
> - The HTTP session get invalidated by the application, it actually also gets invalidated by the Tomcat server adapter PageFlowValve in logout().
> - The request processing in PageFlowrequestProcessor,
> private void processInternal( HttpServletRequest request, HttpServletResponse response )
> ends teh processing by calling the DeferredSessionStorageHandler public void applyChanges( RequestContext context ) method which does the following:
> if ( changedAttrs != null )
> {
> HttpSession session = request.getSession();
> - The call to getSession() results in an attempt to create the Session object again even though the response has been committed by Tomcat. Such conditions result in an IllegalStateException thrown by Tomcat and an error page to the user.
> A suggested good behavior (to be validated by the beehive developers) is to obtain the session without creating it and checking if a session exists or not before applying the changes:
> if ( changedAttrs != null )
> {
> HttpSession session = request.getSession(false);
> if ( session != null )
> {
> A patch to the DeferredSessionStorageHandler class is provided with this issue report. The patch was tested and now the application works just like expected. After logout, the bye.html page is displayed and no more session exists in the Tomcat server after logout.
--
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators:
http://issues.apache.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see:
http://www.atlassian.com/software/jira