Details
-
Type: Bug
-
Status: Closed
-
Priority: Major
-
Resolution: Fixed
-
Affects Version/s: 1.8.2a, 1.8.2-EE-GA_P02
-
Fix Version/s: 1.8.3, EE-1.8.2.GA_P03
-
Component/s: Framework
-
Labels:None
-
Environment:ICEfaces
Description
The TouchSessionFilter is designed to "touch" the session in a way such that the ICEfaces session monitoring code is notified that activity is taking place. The code in question:
...
try {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpSession session = request.getSession();
if (session != null) {
...
currently creates a session if one doesn't already exist which can lead to confusion in the framework because the the new session will contain a new ice.session value which does not match the existing ice.session value that comes in with the request.
The mismatch will be logged as an error and the ICEfaces framework will assume that the session has expired.
...
try {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpSession session = request.getSession();
if (session != null) {
...
currently creates a session if one doesn't already exist which can lead to confusion in the framework because the the new session will contain a new ice.session value which does not match the existing ice.session value that comes in with the request.
The mismatch will be logged as an error and the ICEfaces framework will assume that the session has expired.
Activity
- All
- Comments
- History
- Activity
- Remote Attachments
- Subversion
Changed the code to use the "false" parameter so that sessions are not created by the filter.
try {
HttpServletRequest request = (HttpServletRequest) servletRequest;
HttpSession session = request.getSession(false);
if (session != null) {