[richfaces-issues] [JBoss JIRA] Updated: (RF-8274) Creating an HttpSession with Ajax Request and then redirecting the response causes an HTTPSession to leak

Jay Balunas (JIRA) jira-events at lists.jboss.org
Tue Jan 26 15:50:27 EST 2010


     [ https://jira.jboss.org/jira/browse/RF-8274?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jay Balunas updated RF-8274:
----------------------------

    Fix Version/s: Future


> Creating an HttpSession with Ajax Request and then redirecting the response causes an HTTPSession to leak
> ---------------------------------------------------------------------------------------------------------
>
>                 Key: RF-8274
>                 URL: https://jira.jboss.org/jira/browse/RF-8274
>             Project: RichFaces
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: component-a4j-core
>    Affects Versions: 3.3.2.GA
>         Environment: j2sdk1.5.0_06/1.6.0_14, Windows/Linux, JSF1.2, JBoss 5.1.0GA, Weblogic 9.2
>            Reporter: yagish sharma
>             Fix For: Future
>
>
> While running the load test on our environment, we found a HTTPSession object getting created in response to an AjaxRequest, but in the "redirected" response, the Set-Cookie - JSessionID was missing causing the server to leak an HttpSession. Further digging down the issue, we found the BaseXMLFilter.resetResponse method "resets" the original (server) response object, and then copies the cookies over from a response wrapper,  thus missing to reset the JSessionID cookie into the response object.
>  This issue is closely related to how the JSessionID is set in the response object by the AppServer. JBoss (Tomcat), on creation of an HTTPSession object, creates a JSessionID cookie and appends it directly to the response object's cookies arrayList (without calling the ServletResponse.addCookie() method).  
> Similar behavior was found in load testing on Weblogic 9.2 app server as well. 

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: https://jira.jboss.org/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira

        


More information about the richfaces-issues mailing list