Posted to users@tomcat.apache.org by "Klein, Carsten" <c....@datagis.com> on 2020/02/13 13:22:35 UTC
Potential bug in StandardSession and DeltaSession
Hi there,
Chris, thanks for your fast GIT introduction :) I took this as a
(mental) starting point for developing the new 'persistAuthentication'
option of the Managers (Standard and Persistent). Almost there... I will
push this branch to my GitHub fork as soon as possible (tomorrow?).
Maybe you (and also Mark) could have a look at it before I open a
Bugzilla enhancement?
During that, I may have found a bug in both StandardSession and
DeltaSession. In both classes, there is a doReadObject method, which
loads the session from storage. When reading session attributes, the
code expects de-serialization failures for attribute values. Although
each class does this a bit differently, both classes do catch a
WriteAbortedException and log/continue if that exception's getCause()
returns an instance of NotSerializableException. For any other cause,
the WriteAbortedException gets re-thrown.
AFAIK, those exceptions are never thrown when reading from an
ObjectInputStream. Maybe that's a copy and paste bug? Method readObject
should throw ClassNotFoundException and any subclass of
ObjectStreamException except WriteAbortedException and
NotSerializableException.
Carsten
---------------------------------------------------------------------
To unsubscribe, e-mail: users-unsubscribe@tomcat.apache.org
For additional commands, e-mail: users-help@tomcat.apache.org
Re: Potential bug in StandardSession and DeltaSession
Posted by "Klein, Carsten" <c....@datagis.com>.
Hi,
forget about the potential bug. Sorry for taking your time. It seems
that WriteAbortedException is occasionally thrown when reading object
data. As far as I understand it, it's just like a container
exception; the actual error is stored in the exception's cause. Uh...
that's odd...
Carsten
> Hi there,
>
> Chris, thanks for your fast GIT introduction :) I took this as a
> (mental) starting point for developing the new 'persistAuthentication'
> option of the Managers (Standard and Persistent). Almost there... I will
> push this branch to my GitHub fork as soon as possible (tomorrow?).
> Maybe you (and also Mark) could have a look at it before I open a
> Bugzilla enhancement?
>
> During that, I may have found a bug in both StandardSession and
> DeltaSession. In both classes, there is a doReadObject method, which
> loads the session from storage. When reading session attributes, the
> code expects de-serialization failures for attribute values. Although
> each class does this a bit differently, both classes do catch a
> WriteAbortedException and log/continue if that exception's getCause()
> returns an instance of NotSerializableException. For any other cause,
> the WriteAbortedException gets re-thrown.
>
> AFAIK, those exceptions are never thrown when reading from an
> ObjectInputStream. Maybe that's a copy and paste bug? Method readObject
> should throw ClassNotFoundException and any subclass of
> ObjectStreamException except WriteAbortedException and
> NotSerializableException.
>
> Carsten
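The behaviour described in the reply above, as an added example that is not part of the original thread and is not Tomcat's code: a failed `writeObject()` leaves an exception record in the stream, and the reader later sees it as a `WriteAbortedException` whose cause is the original `NotSerializableException`. The class `WriteAbortedDemo`, the `Holder` type and the attribute names are constructed for illustration.

```java
import java.io.*;
import java.util.*;

public class WriteAbortedDemo {
    // Constructed attribute type: Serializable itself, but holding a field that is not.
    static class Holder implements Serializable {
        private static final long serialVersionUID = 1L;
        final Object ref = new Object();
    }

    public static void main(String[] args) throws Exception {
        Map<String, Object> attrs = new LinkedHashMap<>();   // constructed sample session attributes
        attrs.put("user", "alice");
        attrs.put("handle", new Holder());
        attrs.put("visits", 3);

        // Writer: the failure is caught, but the stream already contains the exception record.
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeInt(attrs.size());
            for (Map.Entry<String, Object> e : attrs.entrySet()) {
                out.writeObject(e.getKey());
                try {
                    out.writeObject(e.getValue());
                } catch (NotSerializableException nse) {
                    System.out.println("write skipped " + e.getKey() + ": " + nse);
                }
            }
        }

        // Reader: the recorded failure surfaces as WriteAbortedException at the same position.
        Map<String, Object> restored = new LinkedHashMap<>();
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            int n = in.readInt();
            for (int i = 0; i < n; i++) {
                String name = (String) in.readObject();
                try {
                    restored.put(name, in.readObject());
                } catch (WriteAbortedException wae) {
                    if (!(wae.getCause() instanceof NotSerializableException)) {
                        throw wae; // any other recorded write failure stays fatal
                    }
                    System.out.println("read skipped " + name + ": cause=" + wae.getCause());
                }
            }
        }
        System.out.println("restored = " + restored);
    }
}
```

Rethrowing for every other cause keeps the reader from silently accepting a stream that was truncated or damaged for reasons other than a non-serializable attribute.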