You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@ignite.apache.org by "Vladimir Ozerov (JIRA)" <ji...@apache.org> on 2016/08/04 05:53:20 UTC

[jira] [Updated] (IGNITE-3159) WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.

     [ https://issues.apache.org/jira/browse/IGNITE-3159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Vladimir Ozerov updated IGNITE-3159:
------------------------------------
    Assignee:     (was: Vladimir Ozerov)

> WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
> ---------------------------------------------------------------------------
>
>                 Key: IGNITE-3159
>                 URL: https://issues.apache.org/jira/browse/IGNITE-3159
>             Project: Ignite
>          Issue Type: Bug
>          Components: websession
>    Affects Versions: 1.5.0.final
>            Reporter: Vladimir Ozerov
>             Fix For: 1.8
>
>
> {{WebSessionFilter}} use HttpServletRequest.getRequestedSessionId() method to get session ID.
> However, specification says that this method might return ID which is different from ID of currently active session. E.g. when request is performed with ID of already invalidated session. But we never account for this and pass this session ID to our session.



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)