[
https://issues.apache.org/jira/browse/MYFACES-2754?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Michael Concini resolved MYFACES-2754.
--------------------------------------
Fix Version/s: 2.0.1
Resolution: Fixed
> MyFaces can attempt to create a new session after the response has been
> committed
> ---------------------------------------------------------------------------------
>
> Key: MYFACES-2754
> URL: https://issues.apache.org/jira/browse/MYFACES-2754
> Project: MyFaces Core
> Issue Type: Bug
> Components: General
> Affects Versions: 1.2.9, 2.0.0
> Reporter: Michael Concini
> Assignee: Michael Concini
> Fix For: 2.0.1
>
>
> As currently implemented, MyFaces can attempt to create a new session after
> the response has been committed. This is due to calling saveSerializedView
> on the JspStateManagerImpl even in cases where writeState was never called
> (e.g. a JSP outcome target with no form tags). This can lead to either an
> IllegalStateException being thrown or else extra sessions being created which
> wait until the session timeout is reached to be destroyed and thus can lead
> to a potential memory leak. Which behavior is seen depends on the appserver
> being used and whether it reuses session cookies for the same client.
> JSPStateManagerImpl will be updated to set a FacesContext attribute on
> writeState to indicate that the state should be written by
> saveSerializedView.
> On 2.0, FlashImpl also needs to be updated as well to not create a new
> session during the remove children operation. Currently we are creating a
> new session just to create a new map and then clear it.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
