You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ki...@apache.org on 2001/02/13 09:58:55 UTC

cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/session StandardSessionInterceptor.java

kief        01/02/13 00:58:54

  Modified:    src/share/org/apache/tomcat/session Tag: tomcat_32
                        StandardSessionInterceptor.java
  Log:
  Repaired the if clause which checks whether a session has been found
  from the session manager. The code was calling request.setSession(sess) even when the value
  of sess was null. This only seemed to have cropped up during forwarding, and then
  only when the request included an invalid session ID: the first servlet in the
  chain would create a session, then when the forwarded servlet requested the
  session this little bug wiped out the first session.
  
  This was reported as bug 504 in Bugzilla.
  
  I also standardized indentation in this area of the code, since it contributed to making
  the bug a bitch to track down!
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.5.2.4   +15 -13    jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSessionInterceptor.java
  
  Index: StandardSessionInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSessionInterceptor.java,v
  retrieving revision 1.5.2.3
  retrieving revision 1.5.2.4
  diff -u -r1.5.2.3 -r1.5.2.4
  --- StandardSessionInterceptor.java	2000/11/18 01:33:59	1.5.2.3
  +++ StandardSessionInterceptor.java	2001/02/13 08:58:54	1.5.2.4
  @@ -123,19 +123,21 @@
   	    log( "Configuration error in StandardSessionInterceptor - no context " + request );
   	}
   
  -      // Added by Hans:
  -      // First check if we have a valid session ID from the URL, set by the SessionInterceptor,
  -      // and if so, set it as the request session. If we have also received a valid session ID
  -      // as a cookie, the next section of code will reset the session to the one matching the
  -      // ID found in the cookie.
  -      String requestedSessionID = request.getRequestedSessionId();
  -      if (requestedSessionID != null) {
  -          if (debug > 0) log("Found URL session ID: " + requestedSessionID);
  -          sess = sM.findSession(requestedSessionID);
  -          if (sess != null)
  -              if (debug > 0) log("The URL session ID is valid");
  -              request.setSession(sess);
  -      }
  +	// Added by Hans:
  +	// First check if we have a valid session ID from the URL, set by the SessionInterceptor,
  +	// and if so, set it as the request session. If we have also received a valid session ID
  +	// as a cookie, the next section of code will reset the session to the one matching the
  +	// ID found in the cookie.
  +	String requestedSessionID = request.getRequestedSessionId();
  +	if (requestedSessionID != null) {
  +	    if (debug > 0) 
  +		log("Found URL session ID: " + requestedSessionID);
  +	    sess = sM.findSession(requestedSessionID);
  +	    if (sess != null) {
  +		if (debug > 0) log("The URL session ID is valid");
  +		request.setSession(sess);
  +	    }
  +	}
   
   	// PF, loop across all cookies named JSESSIONID checking to see if any of them are valid.
   	// There should in most cases be a maximum of 2, and normally there will only be one. The