[ http://issues.apache.org/jira/browse/BEEHIVE-873?page=comments#action_12318290 ]
Rich Feit commented on BEEHIVE-873: ----------------------------------- OK, I've reproduced the problem, and the fix seems to work. Assuming all tests pass, this should be in tomorrow. > HTTP session gets created after the pageflow application invalidates it > (logout) and the response is committed, resulting in IllegalStateException > -------------------------------------------------------------------------------------------------------------------------------------------------- > > Key: BEEHIVE-873 > URL: http://issues.apache.org/jira/browse/BEEHIVE-873 > Project: Beehive > Type: Bug > Components: NetUI > Versions: v1m1, V1Beta, V1Alpha > Environment: Beehive SVN latest, > Tomcat 5.5.7 and Tomcat 5.5.9 > Reporter: Abdessattar Sassi > Assignee: Rich Feit > Attachments: session-patch.txt > > The application scenarion is as following: > - A JSP calls an action in a page flow controller that does the logout from > the application. > - The pageflow logout action is as following: > /** > */ > @Jpf.Action( > forwards = { > @Jpf.Forward(name = "success", path = "/bye.html", > redirect = true) > } > ) > protected Forward doLogout() { > // Logout but if running with Single Sign-On in the app server, do not > // invalidate all the sessions. > // The current application session will be invalidated manually right > // after the logout. > logout(false); > HttpSession session = getRequest().getSession(false); > if (session != null) { > session.invalidate(); > } > return new Forward("success"); > } > - The HTTP session get invalidated by the application, it actually also gets > invalidated by the Tomcat server adapter PageFlowValve in logout(). > - The request processing in PageFlowrequestProcessor, > private void processInternal( HttpServletRequest request, HttpServletResponse > response ) > ends teh processing by calling the DeferredSessionStorageHandler public void > applyChanges( RequestContext context ) method which does the following: > if ( changedAttrs != null ) > { > HttpSession session = request.getSession(); > - The call to getSession() results in an attempt to create the Session object > again even though the response has been committed by Tomcat. Such conditions > result in an IllegalStateException thrown by Tomcat and an error page to the > user. > A suggested good behavior (to be validated by the beehive developers) is to > obtain the session without creating it and checking if a session exists or > not before applying the changes: > if ( changedAttrs != null ) > { > HttpSession session = request.getSession(false); > if ( session != null ) > { > A patch to the DeferredSessionStorageHandler class is provided with this > issue report. The patch was tested and now the application works just like > expected. After logout, the bye.html page is displayed and no more session > exists in the Tomcat server after logout. -- This message is automatically generated by JIRA. - If you think it was sent incorrectly contact one of the administrators: http://issues.apache.org/jira/secure/Administrators.jspa - For more information on JIRA, see: http://www.atlassian.com/software/jira