cvs commit: jakarta-tomcat/src/facade22/org/apache/tomcat/facade HttpServletRequestFacade.java

[larryi]

larryi      01/03/06 08:07:45

  Modified:    src/facade22/org/apache/tomcat/facade
                        HttpServletRequestFacade.java
  Log:
  Port patch from tomcat_32 for part of Bugzilla Bug #160
  
  The isRequestedSessionIdValid() should be based on the value of
  getRequestedSessionId().Instead of just checking that getSession(false)
  returns a non-null value (i.e. there is an active session) we must
  also test that the active session's ID matches the requested session id.
  
  Patch By: Marc Saegesser
  
  Revision  Changes    Path
  1.20      +6 -3      
jakarta-tomcat/src/facade22/org/apache/tomcat/facade/HttpServletRequestFacade.java
  
  Index: HttpServletRequestFacade.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat/src/facade22/org/apache/tomcat/facade/HttpServletRequestFacade.java,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- HttpServletRequestFacade.java     2001/02/27 02:49:27     1.19
  +++ HttpServletRequestFacade.java     2001/03/06 16:07:44     1.20
  @@ -451,9 +451,12 @@
       }
       
       public boolean isRequestedSessionIdValid() {
  -     // so here we just assume that if we have a session it's,
  -     // all good, else not.
  -     return null != request.getSession(false);
  +        boolean isvalid = false;
  +        ServerSession session = (ServerSession)request.getSession(false);
  +        if(session != null && session.getId().equals(getRequestedSessionId()))
  +            isvalid = true;
  +
  +        return isvalid;
       }
   
       /** Adapter - Request uses getSessionIdSource
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, email: [EMAIL PROTECTED]