You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@shale.apache.org by "Bernhard Huemer (JIRA)" <ji...@apache.org> on 2007/08/05 19:37:38 UTC
[jira] Created: (SHALE-461) TokenProcessor bypasses
HttpSession.setAttribute()
TokenProcessor bypasses HttpSession.setAttribute()
--------------------------------------------------
Key: SHALE-461
URL: https://issues.apache.org/struts/browse/SHALE-461
Project: Shale
Issue Type: Bug
Components: Core
Reporter: Bernhard Huemer
Priority: Trivial
The TokenProcessor (org.apache.shale.util.Tokenprocessor) saves the generated Token in a Set, which itself is saved in the session. The problem is that there is no additional call to setAttribute (i.e. no additional call to sessionMap.put) but that's a requirement for a server which wants to replicate only the deltas of a session. However, I was never confronted to this problem as I've never used Shale in a distributed environment. This report is just based on my understanding of session replication so please correct me if I'm wrong.
/// TokenProcessor.java, line 87
// Store the generated value for later verification
Set set = (Set)
context.getExternalContext().getSessionMap().get(ShaleConstants.TOKENS);
if (set == null) {
set = new HashSet();
context.getExternalContext().getSessionMap().put(ShaleConstants.TOKENS, set);
}
set.add(token);
\\\
The following modification should work.
///
// Store the generated value for later verification
Set set = (Set)
context.getExternalContext().getSessionMap().get(ShaleConstants.TOKENS);
if (set == null) {
set = new HashSet();
}
set.add(token);
context.getExternalContext().getSessionMap().put(ShaleConstants.TOKENS, set);
\\\
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.