Jetty
  1. Jetty
  2. JETTY-144

request.getSession(false) returns sessions after session.invalidate

    Details

    • Type: Bug Bug
    • Status: Closed Closed
    • Priority: Major Major
    • Resolution: Duplicate
    • Affects Version/s: 6.0.1
    • Fix Version/s: None
    • Component/s: Servlet
    • Labels:
      None
    • Environment:
      Windows, JDK 1.5.06
    • Number of attachments :
      0

      Description

      The request.getSession(false) method returns an invalid session after the session has already been invalidated.

      Example code (inside Filter/Servlet/JSP):

      //Create session
      HttpSession session = request.getSession();

      //Invalidate Session
      session.invalidate();

      //Re-Get the session (should return null, but does not):
      session = request.getSession(false);
      if(session != null) {
      session.getAttribute("foo"); //Leads to IllegalStateException since returned session is invalidated!!
      }

      According to the Servlet-API: request.getSession(false) must return null if no valid session for the current request is available.

        Activity

        Hide
        Jan Bartel added a comment -

        Duplicate of JETTY-141. Fix for that applied to 6.0-branch for release in 6.0.2, and also to 6.1 branch.

        Show
        Jan Bartel added a comment - Duplicate of JETTY-141 . Fix for that applied to 6.0-branch for release in 6.0.2, and also to 6.1 branch.

          People

          • Assignee:
            Jan Bartel
            Reporter:
            Denis Pasek
          • Votes:
            0 Vote for this issue
            Watchers:
            1 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: