Author: remy.maucherat(a)jboss.com Date: 2010-01-19 12:17:24 -0500 (Tue, 19 Jan 2010) New Revision: 1361 Modified: trunk/java/org/apache/catalina/Session.java trunk/java/org/apache/catalina/connector/CoyoteAdapter.java trunk/java/org/apache/catalina/session/StandardSession.java Log: - Avoid checking for session validity out of the webapp context, which would be a source of problems. Instead, when more than one cookie is present, only check if there is a session object and it is currently valid. - Add direct access to the validity state of the session. Modified: trunk/java/org/apache/catalina/Session.java =================================================================== --- trunk/java/org/apache/catalina/Session.java 2010-01-15 14:43:28 UTC (rev 1360) +++ trunk/java/org/apache/catalina/Session.java 2010-01-19 17:17:24 UTC (rev 1361) @@ -222,6 +222,13 @@ public boolean isValid(); + /** + * Return the <code>isValid</code> flag for this session without doing any + * validity check. + */ + public boolean isValidInternal(); + + // --------------------------------------------------------- Public Methods Modified: trunk/java/org/apache/catalina/connector/CoyoteAdapter.java =================================================================== --- trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 2010-01-15 14:43:28 UTC (rev 1360) +++ trunk/java/org/apache/catalina/connector/CoyoteAdapter.java 2010-01-19 17:17:24 UTC (rev 1361) @@ -54,6 +54,8 @@ import org.apache.catalina.Context; import org.apache.catalina.Globals; +import org.apache.catalina.Manager; +import org.apache.catalina.Session; import org.apache.catalina.Wrapper; import org.apache.catalina.connector.Request.AsyncListenerRegistration; import org.apache.catalina.util.StringManager; @@ -666,19 +668,14 @@ if (!request.isRequestedSessionIdFromCookie()) { // Accept only the first session id cookie convertMB(scookie.getValue()); - request.setRequestedSessionId - (scookie.getValue().toString()); + request.setRequestedSessionId(scookie.getValue().toString()); request.setRequestedSessionCookie(true); request.setRequestedSessionURL(false); - if (log.isDebugEnabled()) - log.debug(" Requested cookie session id is " + - request.getRequestedSessionId()); } else { - if (!request.isRequestedSessionIdValid()) { + if (!checkSessionIdValid(request, request.getRequestedSessionId())) { // Replace the session id until one is valid convertMB(scookie.getValue()); - request.setRequestedSessionId - (scookie.getValue().toString()); + request.setRequestedSessionId(scookie.getValue().toString()); } } } @@ -686,7 +683,33 @@ } + + /** + * Return <code>true</code> if the session identifier specified + * identifies a valid session. + */ + public boolean checkSessionIdValid(Request request, String id) { + if (id == null) + return (false); + Context context = request.getContext(); + if (context == null) + return (false); + Manager manager = context.getManager(); + if (manager == null) + return (false); + Session session = null; + try { + session = manager.findSession(id); + } catch (IOException e) { + session = null; + } + if ((session != null) && session.isValidInternal()) + return (true); + else + return (false); + } + /** * Character conversion of the URI. */ Modified: trunk/java/org/apache/catalina/session/StandardSession.java =================================================================== --- trunk/java/org/apache/catalina/session/StandardSession.java 2010-01-15 14:43:28 UTC (rev 1360) +++ trunk/java/org/apache/catalina/session/StandardSession.java 2010-01-19 17:17:24 UTC (rev 1361) @@ -45,7 +45,6 @@ import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSessionListener; -import org.apache.catalina.Container; import org.apache.catalina.Context; import org.apache.catalina.Globals; import org.apache.catalina.Manager; @@ -1384,7 +1383,7 @@ * Return the <code>isValid</code> flag for this session without any expiration * check. */ - protected boolean isValidInternal() { + public boolean isValidInternal() { return (this.isValid || this.expiring); }