[richfaces-issues] [JBoss JIRA] Created: (RF-8274) Creating an HttpSession with Ajax Request and then redirecting the response causes an HTTPSession to leak

yagish sharma (JIRA) jira-events at lists.jboss.org
Tue Jan 19 11:25:33 EST 2010


Creating an HttpSession with Ajax Request and then redirecting the response causes an HTTPSession to leak
---------------------------------------------------------------------------------------------------------

                 Key: RF-8274
                 URL: https://jira.jboss.org/jira/browse/RF-8274
             Project: RichFaces
          Issue Type: Bug
      Security Level: Public (Everyone can see)
          Components: component-a4j-core
    Affects Versions: 3.3.2.GA
         Environment: j2sdk1.5.0_06/1.6.0_14, Windows/Linux, JSF1.2, JBoss 5.1.0GA, Weblogic 9.2
            Reporter: yagish sharma


While running the load test on our environment, we found an HTTPSession object getting created in response to an AjaxRequest, but in the "redirected" response, the Set-Cookie - JSessionID was missing, causing the server to leak an HttpSession. Digging further into the issue, we found that the BaseXMLFilter.resetResponse method "resets" the original (server) response object, and then copies the cookies over from a response wrapper, thus failing to reset the JSessionID cookie into the response object.

This issue is closely related to how the JSessionID is set in the response object by the AppServer. JBoss (Tomcat), on creation of an HTTPSession object, creates a JSessionID cookie and appends it directly to the response object's cookies arrayList (without calling the ServletResponse.addCookie() method).

Similar behavior was found in load testing on Weblogic 9.2 app server as well.





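The flow described in the report, as an added example that is not part of the original message and is not RichFaces or application-server code: a toy model of a response whose session cookie bypasses the wrapper, so a reset that restores only the wrapper's cookies drops it. The class and method names and the snapshot-before-reset mitigation are assumptions made for illustration.

```java
import java.util.ArrayList;
import java.util.List;

// Toy model of the flow in this report; not RichFaces or container code.
public class SessionCookieLossDemo {

    // Stand-in for the container's response object.
    static class ContainerResponse {
        final List<String> cookies = new ArrayList<>();
        void addCookie(String c) { cookies.add(c); }
        void reset() { cookies.clear(); }
        // Container-internal path: session creation appends the cookie
        // straight to the list, as the report describes for JBoss (Tomcat).
        void createSession(String id) { cookies.add("JSESSIONID=" + id); }
    }

    // Stand-in for the filter's wrapper: it records only addCookie() calls.
    static class Wrapper {
        final ContainerResponse target;
        final List<String> seen = new ArrayList<>();
        Wrapper(ContainerResponse target) { this.target = target; }
        void addCookie(String c) { seen.add(c); target.addCookie(c); }
    }

    // Behaviour described in the report: reset, then copy the wrapper's cookies.
    static void resetLossy(ContainerResponse r, Wrapper w) {
        r.reset();
        for (String c : w.seen) r.addCookie(c);
    }

    // Assumed mitigation: snapshot what the response really holds before reset.
    static void resetPreserving(ContainerResponse r) {
        List<String> snapshot = new ArrayList<>(r.cookies);
        r.reset();
        for (String c : snapshot) r.addCookie(c);
    }

    static List<String> run(boolean preserve) {
        ContainerResponse r = new ContainerResponse();
        Wrapper w = new Wrapper(r);
        w.addCookie("theme=dark");       // constructed application cookie, via the wrapper
        r.createSession("CONSTRUCTED1"); // constructed session id, bypasses the wrapper
        if (preserve) resetPreserving(r); else resetLossy(r, w);
        return r.cookies;
    }

    public static void main(String[] args) {
        System.out.println("lossy reset:      " + run(false));
        System.out.println("preserving reset: " + run(true));
    }
}
```

In a real filter, whether the cookies held by the response can be read back before the reset depends on the servlet API version and the container.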