[
Date Prev][
Date Next][
Thread Prev][
Thread Next][
Date Index][
Thread Index]
[
List Home]
|
Re: [jetty-users] Jetty does not remove timed-out session, if the session was replaced in runtime
|
Michael,
Can you reply with details of your session configuration? And are you
using cookies or url rewriting? I am having some trouble recreating
this with a unit test.
thanks
Jan
On 25 April 2012 12:07, Jan Bartel <janb@xxxxxxxxxxx> wrote:
> Michael,
>
> I opened this bug:
>
> https://bugs.eclipse.org/bugs/show_bug.cgi?id=377610
>
> Jan
>
> On 25 April 2012 16:54, Michael Elman <tarlog@xxxxxxxxx> wrote:
>> Hi,
>>
>> the following fix seems to fix the bug:
>>
>> import java.io.IOException;
>>
>> import javax.servlet.ServletException;
>> import javax.servlet.http.HttpServletRequest;
>> import javax.servlet.http.HttpServletResponse;
>> import javax.servlet.http.HttpSession;
>>
>> import org.eclipse.jetty.server.Request;
>> import org.eclipse.jetty.server.session.SessionHandler;
>>
>> public class MySessionHandler extends SessionHandler {
>>
>> @Override
>> public void doScope(String target, Request baseRequest,
>> HttpServletRequest request, HttpServletResponse response) throws
>> IOException, ServletException {
>>
>> HttpSession oldSession = request.getSession(false);
>> super.doScope(target, baseRequest, request, response);
>> HttpSession newSession = request.getSession(false);
>>
>> if (newSession != null && oldSession != newSession) {
>> getSessionManager().complete(newSession);
>> }
>> }
>>
>> }
>>
>>
>> <Set name="sessionHandler">
>> <New class="com.playtech.chatweb.MySessionHandler">
>> </New>
>> </Set>
>>
>>
>> On Tue, Apr 24, 2012 at 5:46 PM, Michael Elman <tarlog@xxxxxxxxx> wrote:
>>>
>>> Hi,
>>>
>>> n the application, we use to switch sessions once the user mode is
>>> changed.
>>>
>>> So basically we have something like this:
>>>
>>> request.getSession(false).invalidate();
>>>
>>> request.getSession(true);
>>>
>>> Now happens the problem: after timeout, the session is not removed. After
>>> debugging some internal code, I found out that in
>>> org.eclipse.jetty.server.session.AbstractSession.timeout() the session is
>>> not removed if _requests > 0. And the _requests is greater then zero, since
>>> in org.eclipse.jetty.server.session.SessionHandler.doScope(String, Request,
>>> HttpServletRequest, HttpServletResponse) the complete() runs on the access
>>> session is increased and the same session is decreased, even if during the
>>> invocation the actual session was replaced!
>>>
>>> Did anyone experience the same problem and managed to solve it?
>>>
>>>
>>> Thanks,
>>>
>>> Michael
>>>
>>> P.S. This question was also posted at Stackverflow
>>> at http://stackoverflow.com/q/10300283/547779
>>
>>
>>
>> _______________________________________________
>> jetty-users mailing list
>> jetty-users@xxxxxxxxxxx
>> https://dev.eclipse.org/mailman/listinfo/jetty-users
>>
