You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2007/02/09 18:50:45 UTC

DO NOT REPLY [Bug 30028] - session attributes Map may become inconsistent start causing "strange" problems

DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG�
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://issues.apache.org/bugzilla/show_bug.cgi?id=30028>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND�
INSERTED IN THE BUG DATABASE.

http://issues.apache.org/bugzilla/show_bug.cgi?id=30028


vitor.buitoni@digitro.com.br changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|RESOLVED                    |REOPENED
         Resolution|INVALID                     |




------- Additional Comments From vitor.buitoni@digitro.com.br  2007-02-09 09:50 -------
Hi,

I'm reopening this bug, since i'm also having problems with this issue, and I
really think that someone could take a better look at this. I don't think the
bug is invalid.

I can see the problem happening when my application or tomcat itself tries to
invalidate a session, the problem happens in the method expire():

StandardWrapperValve[action]: Servlet.service() for servlet action threw exception
java.lang.ArrayIndexOutOfBoundsException: -6
        at java.util.AbstractCollection.toArray(AbstractCollection.java:177)
        at
org.apache.catalina.session.StandardSession.keys(StandardSession.java:1523)
        at
org.apache.catalina.session.StandardSession.expire(StandardSession.java:706)
        at
org.apache.catalina.session.StandardSession.expire(StandardSession.java:632)
        at
org.apache.catalina.session.StandardSession.invalidate(StandardSession.java:1051)
        at
org.apache.catalina.session.StandardSessionFacade.invalidate(StandardSessionFacade.java:149)
        at
br.com.digitro.supervisor.webapp.controller.actions.LogOutAction.execute(LogOutAction.java:31)
        at
org.apache.struts.action.RequestProcessor.processActionPerform(RequestProcessor.java:484)
        at
org.apache.struts.action.RequestProcessor.process(RequestProcessor.java:274)
        at org.apache.struts.action.ActionServlet.process(ActionServlet.java:1482)
        at org.apache.struts.action.ActionServlet.doGet(ActionServlet.java:507)


As you can see, this -6 is the result of a call to the size() method of
attributes.keySet().

Please, let's not use the spec as an excuse for not doing things the right way.
The spec clearly says that the developer has the responsibility for
synchronizing access to "session resources", but doesn't say anything about the
session itself.

The container can and should synchronize the access to the session attribute
map, it would avoid many strange problems. Another side effect of this problem
is that tomcat isn't even able to invalidate expired sessions in this situation.



-- 
Configure bugmail: http://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug, or are watching the assignee.

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@tomcat.apache.org
For additional commands, e-mail: dev-help@tomcat.apache.org