IGNITE-4948 - Fix for web session clustering with security
Project: http://git-wip-us.apache.org/repos/asf/ignite/repo Commit: http://git-wip-us.apache.org/repos/asf/ignite/commit/55b9b8be Tree: http://git-wip-us.apache.org/repos/asf/ignite/tree/55b9b8be Diff: http://git-wip-us.apache.org/repos/asf/ignite/diff/55b9b8be Branch: refs/heads/ignite-1192 Commit: 55b9b8beb4a3d93ea733b6bc56a566dbf0918fcf Parents: 55ab10e Author: Valentin Kulichenko <valentin.luliche...@gmail.com> Authored: Tue Apr 11 22:50:18 2017 +0200 Committer: Valentin Kulichenko <valentin.luliche...@gmail.com> Committed: Tue Apr 11 22:50:18 2017 +0200 ---------------------------------------------------------------------- .../cache/websession/WebSessionFilter.java | 22 +++++++------------- 1 file changed, 8 insertions(+), 14 deletions(-) ---------------------------------------------------------------------- http://git-wip-us.apache.org/repos/asf/ignite/blob/55b9b8be/modules/web/src/main/java/org/apache/ignite/cache/websession/WebSessionFilter.java ---------------------------------------------------------------------- diff --git a/modules/web/src/main/java/org/apache/ignite/cache/websession/WebSessionFilter.java b/modules/web/src/main/java/org/apache/ignite/cache/websession/WebSessionFilter.java index 96c1717..0644c0f 100644 --- a/modules/web/src/main/java/org/apache/ignite/cache/websession/WebSessionFilter.java +++ b/modules/web/src/main/java/org/apache/ignite/cache/websession/WebSessionFilter.java @@ -31,8 +31,9 @@ import javax.servlet.ServletContext; import javax.servlet.ServletException; import javax.servlet.ServletRequest; import javax.servlet.ServletResponse; -import javax.servlet.http.*; - +import javax.servlet.http.HttpServletRequest; +import javax.servlet.http.HttpServletRequestWrapper; +import javax.servlet.http.HttpSession; import org.apache.ignite.Ignite; import org.apache.ignite.IgniteCache; import org.apache.ignite.IgniteClientDisconnectedException; @@ -560,18 +561,10 @@ public class WebSessionFilter implements Filter { chain.doFilter(httpReq, res); - if (!cached.isValid()) - binaryCache.remove(cached.id()); - // Changed session ID. - else if (!cached.getId().equals(sesId)) { - final String oldId = cached.getId(); - - cached.invalidate(); + WebSessionV2 cachedNew = (WebSessionV2)httpReq.getSession(false); - binaryCache.remove(oldId); - } - else - updateAttributesV2(cached.getId(), cached); + if (cachedNew != null && cachedNew.isValid()) + updateAttributesV2(cachedNew.getId(), cachedNew); return sesId; } @@ -762,6 +755,7 @@ public class WebSessionFilter implements Filter { */ public void destroySession(String sesId) { assert sesId != null; + for (int i = 0; i < retries; i++) { try { if (cache.remove(sesId) && log.isDebugEnabled()) @@ -1016,7 +1010,7 @@ public class WebSessionFilter implements Filter { } } else - return null; + ses = null; } return ses;