Comments below... Chris Wilson
Web Developer Andrews University [EMAIL PROTECTED] > -----Original Message----- > From: Scott Judd [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 21, 2002 4:46 PM > To: Tomcat Users List > Subject: Re: [Off Topic] HttpSession invalidate bug??? > > Chris, I can assure you that this is not a Tomcat issue. Let's try to take > it off-list from here. I have attached some code inline to this post which > will hopefully address, if not fix, your problem. See below: > > ----- Original Message ----- > From: "Chris Wilson" <[EMAIL PROTECTED]> > > > Sure that makes sense, that's what I understood was happening... I > > don't think that's the problem though. I fully expect the session to be > > invalid. > > > > But remember that if you call session.invalidate() on an already > invalidated > session, it throws an IllegalStateException, which is symptomatic of the > problem you described. As a matter of fact, the session object is null > after > being invalidated, whether programmatically or by the servlet container, > so > getting any properties from a null object will return unexpected results. > :) I understand that you can't call session.invalidate() on an invalidated session--the javadocs support your claim. However, they do not say you can't call getMaxInactiveInterval() on an invalid session (check them out). Plus, your assertion that the session object is null doesn't make sense, because I can successfully call session.getLastAccessedTime(). That should throw a NullPointerException if the session is null, however it doesn't for me. Here try this HttpSessionListner you'll see what I'm talking about import javax.servlet.http.HttpSessionListener; import javax.servlet.http.HttpSessionEvent; import javax.servlet.http.HttpSession; public class TestListener implements HttpSessionListener { public void sessionCreated(HttpSessionEvent httpSessionEvent) { } public void sessionDestroyed(HttpSessionEvent httpSessionEvent) { // ok session should be invalid here... // lets test some assertions // let put it in a try block to catch any exceptions try { HttpSession session = httpSessionEvent.getSession(); // lets make sure session is not null System.out.println(session == null); // ok lets try last access time // this SHOULD work even if session is invalid // javadocs say it will... System.out.println(session.getLastAccessedTime()); // ta-da it does // ok if that worked then this should work too // javadocs do not say it throws IllegalStateException System.out.println(session.getMaxInactiveInterval()); // whoops this busts... // javadocs say this shouldn't happen // Servlet spec (10.7) implies using this method to see if // a session is invalid because of timeout as opposed // to explicit call to session.invalidate(); // now, we won't get here cause the above fails // but just to see if the session is invalid // lets call something that the javadocs DO say should // throw IllegalStateException on an invalid session session.invalidate(); } catch(Exception e) { e.printStackTrace(); } } } > > > > I assume that you would do that with the > > following code... > > > > if((System.currentTimeMillis() - session.getLastAccessedTime()) > > > session.getMaxInactiveInterval()) { > > // session timed out > > } > > Actually, I believe the correct convention here would be to use > getMaxInactiveInterval() when the session is valid, so that it's still > *legal* to get attributes from the session. Ideally, you would do this in > the valueUnbound() method of your listener class. I'm nearly positive that > this is occurring through a getAttribute() call in the ServletContext > class > of the servlet container (which also throws IllegalStateException). After > the servlet container invalidates the session, all future references to > the > session object will evaluate to null, thus causing the exception that > you're > getting. Note that running this code snippet on WebSphere and JRun > produced > a similar result as Tomcat. It's just plain not a server issue. > > This statement would get you the same net effect as what you're describing > above: > if(session == null) > { > //handle session timeout > } The problem with your example is that it doesn't tell me if the session is invalid because session.invalidate() was explicitly called or because it timed out. I hate to sound like a broken record, but the spec (10.7) says determining the difference should be possible by calling methods on the HttpSession (read it, you'll see). Can any Tomcat developers weigh in on this? Thanks for all your help! -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>