[
https://issues.apache.org/jira/browse/IGNITE-3159?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15290985#comment-15290985
]
Dmitry Karachentsev commented on IGNITE-3159:
---------------------------------------------
Current algorithm should be left as is, because there is no possibility to get
to know if session was invalidated (f.e. in previous filter) or request came to
AS2, but session was created on AS1. In that case the correct behavior would be
to check if requested session present in cache, as it does now.
> WebSession: Incorrect handling of HttpServletRequest.getRequestedSessionId.
> ---------------------------------------------------------------------------
>
> Key: IGNITE-3159
> URL: https://issues.apache.org/jira/browse/IGNITE-3159
> Project: Ignite
> Issue Type: Bug
> Components: websession
> Affects Versions: 1.5.0.final
> Reporter: Vladimir Ozerov
> Assignee: Dmitry Karachentsev
> Fix For: 1.7
>
>
> {{WebSessionFilter}} use HttpServletRequest.getRequestedSessionId() method to
> get session ID.
> However, specification says that this method might return ID which is
> different from ID of currently active session. E.g. when request is performed
> with ID of already invalidated session. But we never account for this and
> pass this session ID to our session.
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
