• Bug
  • Status: Closed
  • 2 Major
  • Resolution: Fixed
  • Sessions
  • hhuynh
  • Reporter: alex
  • June 11, 2007
  • 0
  • Watchers: 2
  • June 26, 2007
  • June 22, 2007


This problem is reported by http://forums.terracotta.org/forums/posts/list/280.page

BUG DETAILS: App Code: session.invalidate(); request.getSession(true).getAttribute(“…”);

Container Behavior: Tomcat will create a new session as long as response has not been commited.

TC Session Behavior: TCS throws IllegalStateException exception on all session-related operation after session.invalidate() has been called.

FIX DETAILS: We will have to do the following:

  • if response has been committed throw IllegalStateException
  • else, correctly release the lock on the old session id
  • generate a new session id and acquire a lock on it
  • write new session cookie (if request hopped a server this might create 2 session id cookies, so the old one should be removed)
  • proceed with the request and unlock the new session id at the end
  • correctly remove invalidated session[s] from the store
  • if request is forwarded more complications arise


Alex Voskoboynik 2007-06-11

It’s confirmed that it’s broken in Tomcat. I’s probably broken the same way in all supported containers.

Fiona OShea 2007-06-15

Seems that another user ran into this http://forums.terracotta.org/forums/posts/list/288.page

Fiona OShea 2007-06-25

verify fixed in 2.4 branch