Posted to dev@tomcat.apache.org by lu...@apache.org on 2004/12/08 02:25:52 UTC
cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core ApplicationHttpRequest.java
luehe 2004/12/07 17:25:52
Modified: catalina/src/share/org/apache/catalina/core
ApplicationHttpRequest.java
Log:
Fix for 28709
("javax.servlet.http.HttpServletRequest.isRequestedSessionIdValid()
returns true for an invalidated session!")
Please let me know if you have any issues with this fix. I verified that
all Servlet TCKs are still passing.
Revision Changes Path
1.22 +39 -1 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java
Index: ApplicationHttpRequest.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/core/ApplicationHttpRequest.java,v
retrieving revision 1.21
retrieving revision 1.22
diff -u -r1.21 -r1.22
--- ApplicationHttpRequest.java 12 Mar 2004 19:45:43 -0000 1.21
+++ ApplicationHttpRequest.java 8 Dec 2004 01:25:52 -0000 1.22
@@ -34,6 +34,7 @@
import org.apache.catalina.Context;
import org.apache.catalina.Globals;
import org.apache.catalina.Session;
+import org.apache.catalina.Manager;
import org.apache.catalina.util.Enumerator;
import org.apache.catalina.util.RequestUtil;
import org.apache.catalina.util.StringManager;
@@ -518,6 +519,43 @@
return super.getSession(create);
}
+ }
+
+
+ /**
+ * Returns true if the request specifies a JSESSIONID that is valid within
+ * the context of this ApplicationHttpRequest, false otherwise.
+ *
+ * @return true if the request specifies a JSESSIONID that is valid within
+ * the context of this ApplicationHttpRequest, false otherwise.
+ */
+ public boolean isRequestedSessionIdValid() {
+
+ if (crossContext) {
+
+ String requestedSessionId = getRequestedSessionId();
+ if (requestedSessionId == null)
+ return (false);
+ if (context == null)
+ return (false);
+ Manager manager = context.getManager();
+ if (manager == null)
+ return (false);
+ Session session = null;
+ try {
+ session = manager.findSession(requestedSessionId);
+ } catch (IOException e) {
+ session = null;
+ }
+ if ((session != null) && session.isValid()) {
+ return (true);
+ } else {
+ return (false);
+ }
+
+ } else {
+ return super.isRequestedSessionIdValid();
+ }
}
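Review bot: The `catch (IOException e)` around `manager.findSession(requestedSessionId)` discards the error, so a session-store failure in the cross-context branch looks exactly like a request that carried an invalid or expired session id. Reporting "not valid" on error is the right fail-closed result for a validity check, but that should be stated and the failure recorded with whatever logging this class already uses (none is visible in the hunk), for example a comment such as `// Fail closed: a store error is treated as "no valid session"` above the assignment. Separately, the trailing `if`/`else` can be collapsed to `return (session != null) && session.isValid();`, which keeps the same result with one exit point. The Javadoc could also note that the id checked is the client-supplied one from `getRequestedSessionId()` and that it is looked up in this wrapper's `context` only when `crossContext` is set.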