You are viewing a plain text version of this content. The canonical link for it is here.
Posted to commits@beehive.apache.org by ri...@apache.org on 2005/08/10 17:46:27 UTC
svn commit: r231272 -
/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/internal/DeferredSessionStorageHandler.java
Author: rich
Date: Wed Aug 10 08:46:23 2005
New Revision: 231272
URL: http://svn.apache.org/viewcvs?rev=231272&view=rev
Log:
Fix for http://issues.apache.org/jira/browse/BEEHIVE-873 : HTTP session gets created after the pageflow application invalidates it (logout) and the response is committed, resulting in IllegalStateException
The fix is based on a contribution from Abdessattar Sassi.
tests: bvt in netui (WinXP)
BB: self (linux)
Modified:
beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/internal/DeferredSessionStorageHandler.java
Modified: beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/internal/DeferredSessionStorageHandler.java
URL: http://svn.apache.org/viewcvs/beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/internal/DeferredSessionStorageHandler.java?rev=231272&r1=231271&r2=231272&view=diff
==============================================================================
--- beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/internal/DeferredSessionStorageHandler.java (original)
+++ beehive/trunk/netui/src/pageflow/org/apache/beehive/netui/pageflow/internal/DeferredSessionStorageHandler.java Wed Aug 10 08:46:23 2005
@@ -20,7 +20,6 @@
import org.apache.beehive.netui.pageflow.handler.StorageHandler;
import org.apache.beehive.netui.pageflow.RequestContext;
import org.apache.beehive.netui.pageflow.ServletContainerAdapter;
-import org.apache.beehive.netui.pageflow.PageFlowManagedObject;
import org.apache.beehive.netui.pageflow.scoping.ScopedServletUtils;
import javax.servlet.ServletContext;
@@ -82,12 +81,19 @@
Object currentValue = request.getAttribute( attrName );
//
+ // Note that we unconditionally get/create the session. We want to make sure that the session exists when
+ // we set an attribute, since we will *not* create it in applyChanges, to prevent recreation of an
+ // intentionally-invalidated session.
+ //
+ HttpSession session = request.getSession();
+
+ //
// Emulate a setAttribute on the session: if the value is an HttpSessionBindingListener, invoke its
// valueUnbound(). Note that we don't currently care about calling valueBound().
//
if ( currentValue != null && currentValue != value && currentValue instanceof HttpSessionBindingListener )
{
- HttpSessionBindingEvent event = new SessionBindingEvent( request.getSession(), attrName, currentValue );
+ HttpSessionBindingEvent event = new SessionBindingEvent( session, attrName, currentValue );
( ( HttpSessionBindingListener ) currentValue ).valueUnbound( event );
}
@@ -150,12 +156,18 @@
public void applyChanges( RequestContext context )
{
HttpServletRequest request = ScopedServletUtils.getOuterRequest( ( HttpServletRequest ) context.getRequest() );
+ HttpSession session = request.getSession( false );
+
+ //
+ // If the session doesn't exist, we don't want to recreate it. It has most likely been intentionally
+ // invalidated, since we did ensure its existance in getAttribute.
+ //
+ if ( session == null ) return;
+
HashSet changedAttrs = getChangedAttributesList( request, false, true );
if ( changedAttrs != null )
{
- HttpSession session = request.getSession();
-
//
// Go through each changed attribute, and either write it to the session or remove it to the session,
// depending on whether or not it exists in the request.