CDV ❯ TC Session: does not create a new session after session.invliadate() has been called

• Type: Bug
• Status: Closed
• Priority: 2 Major
• Resolution: Fixed
• Component/s: Sessions
• Labels:

• Assignee: hhuynh
• Reporter: alex
• Created: June 11, 2007
• Votes: 0
• Watchers: 2
• Updated:

  June 26, 2007
• Resolved:

  June 22, 2007

Description

This problem is reported by http://forums.terracotta.org/forums/posts/list/280.page

BUG DETAILS: App Code: session.invalidate(); request.getSession(true).getAttribute(“…”);

Container Behavior: Tomcat will create a new session as long as response has not been commited.

TC Session Behavior: TCS throws IllegalStateException exception on all session-related operation after session.invalidate() has been called.

FIX DETAILS: We will have to do the following:

• if response has been committed throw IllegalStateException
• else, correctly release the lock on the old session id
• generate a new session id and acquire a lock on it
• write new session cookie (if request hopped a server this might create 2 session id cookies, so the old one should be removed)
• proceed with the request and unlock the new session id at the end
• correctly remove invalidated session[s] from the store
• if request is forwarded more complications arise

Comments

Alex Voskoboynik 2007-06-11

It’s confirmed that it’s broken in Tomcat. I’s probably broken the same way in all supported containers.

Fiona OShea 2007-06-15

Seems that another user ran into this http://forums.terracotta.org/forums/posts/list/288.page

Fiona OShea 2007-06-25

verify fixed in 2.4 branch