You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@tomcat.apache.org by bu...@apache.org on 2002/11/06 01:42:14 UTC
DO NOT REPLY [Bug 14283] New: -
StandardSession does not guard against Listener exceptions
DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG
RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT
<http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14283>.
ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND
INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=14283
StandardSession does not guard against Listener exceptions
Summary: StandardSession does not guard against Listener
exceptions
Product: Tomcat 4
Version: 4.1.12
Platform: Other
OS/Version: Other
Status: NEW
Severity: Normal
Priority: Other
Component: Catalina
AssignedTo: tomcat-dev@jakarta.apache.org
ReportedBy: ruvinsky@yahoo.com
(This bug also exists in the Tomcat 4.0.x code base.)
StandardSession should have try/catch(Throwable) blocks around calls to session
listeners (defined in a webapp) in case the listener logic throws an
exception/error during execution. Some listener calls are already guarded in
StandardSession but the remaining ones are:
public void passivate() {
:
:
try {
((HttpSessionActivationListener)
attribute).sessionWillPassivate(event);
} catch (Throwable t) {
; // do nothing
}
The same try/catch block should also be wrapped around the following calls in
StandardSession.java:
Line 716: ((HttpSessionActivationListener)attribute).sessionDidActivate(event);
Line 1143: ((HttpSessionBindingListener) value).valueUnbound(event);
Line 1252: ((HttpSessionBindingListener) unbound).valueUnbound
(new HttpSessionBindingEvent((HttpSession) this, name));
Line 1265: ((HttpSessionBindingListener) value).valueBound(event);
--
To unsubscribe, e-mail: <ma...@jakarta.apache.org>
For additional commands, e-mail: <ma...@jakarta.apache.org>