Vladimir Ozerov created IGNITE-3159:
---------------------------------------
Summary: WebSession: Incorrect handling of
HttpServletRequest.getRequestedSessionId.
Key: IGNITE-3159
URL: https://issues.apache.org/jira/browse/IGNITE-3159
Project: Ignite
Issue Type: Bug
Components: websession
Affects Versions: 1.5.0.final
Reporter: Vladimir Ozerov
Assignee: Dmitry Karachentsev
Fix For: 1.7
{{WebSessionFilter}} use HttpServletRequest.getRequestedSessionId() method to
get session ID.
However, specification says that this method might return ID which is different
from ID of currently active session. E.g. when request is performed with ID of
already invalidated session. But we never account for this and pass this
session ID to our session.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
