MyFaces can attempt to create a new session after the response has been
committed
---------------------------------------------------------------------------------
Key: MYFACES-2754
URL: https://issues.apache.org/jira/browse/MYFACES-2754
Project: MyFaces Core
Issue Type: Bug
Components: General
Affects Versions: 2.0.0, 1.2.9
Reporter: Michael Concini
Assignee: Michael Concini
As currently implemented, MyFaces can attempt to create a new session after the
response has been committed. This is due to calling saveSerializedView on the
JspStateManagerImpl even in cases where writeState was never called (e.g. a JSP
outcome target with no form tags). This can lead to either an
IllegalStateException being thrown or else extra sessions being created which
wait until the session timeout is reached to be destroyed and thus can lead to
a potential memory leak. Which behavior is seen depends on the appserver being
used and whether it reuses session cookies for the same client.
JSPStateManagerImpl will be updated to set a FacesContext attribute on
writeState to indicate that the state should be written by saveSerializedView.
On 2.0, FlashImpl also needs to be updated as well to not create a new session
during the remove children operation. Currently we are creating a new session
just to create a new map and then clear it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
