You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by ki...@apache.org on 2001/02/13 09:58:55 UTC
cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/session StandardSessionInterceptor.java
kief 01/02/13 00:58:54
Modified: src/share/org/apache/tomcat/session Tag: tomcat_32
StandardSessionInterceptor.java
Log:
Repaired the if clause which checks whether a session has been found
from the session manager. The code was calling request.setSession(sess) even when the value
of sess was null. This only seemed to have cropped up during forwarding, and then
only when the request included an invalid session ID: the first servlet in the
chain would create a session, then when the forwarded servlet requested the
session this little bug wiped out the first session.
This was reported as bug 504 in Bugzilla.
I also standardized indentation in this area of the code, since it contributed to making
the bug a bitch to track down!
Revision Changes Path
No revision
No revision
1.5.2.4 +15 -13 jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSessionInterceptor.java
Index: StandardSessionInterceptor.java
===================================================================
RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/Attic/StandardSessionInterceptor.java,v
retrieving revision 1.5.2.3
retrieving revision 1.5.2.4
diff -u -r1.5.2.3 -r1.5.2.4
--- StandardSessionInterceptor.java 2000/11/18 01:33:59 1.5.2.3
+++ StandardSessionInterceptor.java 2001/02/13 08:58:54 1.5.2.4
@@ -123,19 +123,21 @@
log( "Configuration error in StandardSessionInterceptor - no context " + request );
}
- // Added by Hans:
- // First check if we have a valid session ID from the URL, set by the SessionInterceptor,
- // and if so, set it as the request session. If we have also received a valid session ID
- // as a cookie, the next section of code will reset the session to the one matching the
- // ID found in the cookie.
- String requestedSessionID = request.getRequestedSessionId();
- if (requestedSessionID != null) {
- if (debug > 0) log("Found URL session ID: " + requestedSessionID);
- sess = sM.findSession(requestedSessionID);
- if (sess != null)
- if (debug > 0) log("The URL session ID is valid");
- request.setSession(sess);
- }
+ // Added by Hans:
+ // First check if we have a valid session ID from the URL, set by the SessionInterceptor,
+ // and if so, set it as the request session. If we have also received a valid session ID
+ // as a cookie, the next section of code will reset the session to the one matching the
+ // ID found in the cookie.
+ String requestedSessionID = request.getRequestedSessionId();
+ if (requestedSessionID != null) {
+ if (debug > 0)
+ log("Found URL session ID: " + requestedSessionID);
+ sess = sM.findSession(requestedSessionID);
+ if (sess != null) {
+ if (debug > 0) log("The URL session ID is valid");
+ request.setSession(sess);
+ }
+ }
// PF, loop across all cookies named JSESSIONID checking to see if any of them are valid.
// There should in most cases be a maximum of 2, and normally there will only be one. The