[
https://issues.apache.org/jira/browse/IGNITE-3159?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Dmitry Karachentsev resolved IGNITE-3159.
-----------------------------------------
Resolution: Won't Fix
Assignee: Vladimir Ozerov (was: Dmitry Karachentsev)
> WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
> ---------------------------------------------------------------------------
>
> Key: IGNITE-3159
> URL: https://issues.apache.org/jira/browse/IGNITE-3159
> Project: Ignite
> Issue Type: Bug
> Components: websession
> Affects Versions: 1.5.0.final
> Reporter: Vladimir Ozerov
> Assignee: Vladimir Ozerov
> Fix For: 1.7
>
>
> {{WebSessionFilter}} use HttpServletRequest.getRequestedSessionId() method to
> get session ID.
> However, specification says that this method might return ID which is
> different from ID of currently active session. E.g. when request is performed
> with ID of already invalidated session. But we never account for this and
> pass this session ID to our session.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
