So can anyone tell me if this is a bug or not? It doesn't seem to be consistent with the servlet spec and javadocs. Thanks!
Chris Wilson [EMAIL PROTECTED] www.wondergeek.com > -----Original Message----- > From: Chris Wilson [mailto:[EMAIL PROTECTED]] > Sent: Tuesday, May 21, 2002 10:37 PM > To: 'Tomcat Users List' > Subject: RE: HttpSession invalidate bug??? > > Comments below... > > Chris Wilson > > Web Developer > Andrews University > [EMAIL PROTECTED] > > > -----Original Message----- > > From: Scott Judd [mailto:[EMAIL PROTECTED]] > > Sent: Tuesday, May 21, 2002 4:46 PM > > To: Tomcat Users List > > Subject: Re: [Off Topic] HttpSession invalidate bug??? > > > > Chris, I can assure you that this is not a Tomcat issue. Let's try to > take > > it off-list from here. I have attached some code inline to this post > which > > will hopefully address, if not fix, your problem. See below: > > > > ----- Original Message ----- > > From: "Chris Wilson" <[EMAIL PROTECTED]> > > > > > Sure that makes sense, that's what I understood was happening... I > > > don't think that's the problem though. I fully expect the session > to be > > > invalid. > > > > > > > But remember that if you call session.invalidate() on an already > > invalidated > > session, it throws an IllegalStateException, which is symptomatic of > the > > problem you described. As a matter of fact, the session object is null > > after > > being invalidated, whether programmatically or by the servlet > container, > > so > > getting any properties from a null object will return unexpected > results. > > :) > > I understand that you can't call session.invalidate() on an invalidated > session--the javadocs support your claim. However, they do not say you > can't call getMaxInactiveInterval() on an invalid session (check them > out). Plus, your assertion that the session object is null doesn't make > sense, because I can successfully call session.getLastAccessedTime(). > That should throw a NullPointerException if the session is null, however > it doesn't for me. > > Here try this HttpSessionListner you'll see what I'm talking about > > import javax.servlet.http.HttpSessionListener; > import javax.servlet.http.HttpSessionEvent; > import javax.servlet.http.HttpSession; > > public class TestListener implements HttpSessionListener { > > public void sessionCreated(HttpSessionEvent httpSessionEvent) { > } > > public void sessionDestroyed(HttpSessionEvent httpSessionEvent) { > // ok session should be invalid here... > // lets test some assertions > // let put it in a try block to catch any exceptions > try { > HttpSession session = httpSessionEvent.getSession(); > > // lets make sure session is not null > System.out.println(session == null); > > // ok lets try last access time > // this SHOULD work even if session is invalid > // javadocs say it will... > System.out.println(session.getLastAccessedTime()); > // ta-da it does > > // ok if that worked then this should work too > // javadocs do not say it throws IllegalStateException > System.out.println(session.getMaxInactiveInterval()); > // whoops this busts... > // javadocs say this shouldn't happen > // Servlet spec (10.7) implies using this method to see if > // a session is invalid because of timeout as opposed > // to explicit call to session.invalidate(); > > // now, we won't get here cause the above fails > // but just to see if the session is invalid > // lets call something that the javadocs DO say should > // throw IllegalStateException on an invalid session > session.invalidate(); > } catch(Exception e) { > e.printStackTrace(); > } > } > } > > > > > > > > I assume that you would do that with the > > > following code... > > > > > > if((System.currentTimeMillis() - session.getLastAccessedTime()) > > > > session.getMaxInactiveInterval()) { > > > // session timed out > > > } > > > > Actually, I believe the correct convention here would be to use > > getMaxInactiveInterval() when the session is valid, so that it's still > > *legal* to get attributes from the session. Ideally, you would do this > in > > the valueUnbound() method of your listener class. I'm nearly positive > that > > this is occurring through a getAttribute() call in the ServletContext > > class > > of the servlet container (which also throws IllegalStateException). > After > > the servlet container invalidates the session, all future references > to > > the > > session object will evaluate to null, thus causing the exception that > > you're > > getting. Note that running this code snippet on WebSphere and JRun > > produced > > a similar result as Tomcat. It's just plain not a server issue. > > > > This statement would get you the same net effect as what you're > describing > > above: > > if(session == null) > > { > > //handle session timeout > > } > > The problem with your example is that it doesn't tell me if the session > is invalid because session.invalidate() was explicitly called or because > it timed out. I hate to sound like a broken record, but the spec (10.7) > says determining the difference should be possible by calling methods on > the HttpSession (read it, you'll see). > > Can any Tomcat developers weigh in on this? > > Thanks for all your help! > > > -- > To unsubscribe, e-mail: <mailto:tomcat-user- > [EMAIL PROTECTED]> > For additional commands, e-mail: <mailto:tomcat-user- > [EMAIL PROTECTED]> -- To unsubscribe, e-mail: <mailto:[EMAIL PROTECTED]> For additional commands, e-mail: <mailto:[EMAIL PROTECTED]>
