luehe 2003/08/18 17:49:58 Modified: catalina/src/share/org/apache/catalina/session PersistentManagerBase.java StandardManager.java StandardSession.java StoreBase.java Log: Fixed Bugtraq 4839736 ("HttpSession.setMaxInactiveInterval() doesn't behave as expected") Patch provided by [EMAIL PROTECTED] The following test case used to fail intermittently, due to a race condition between the 2nd session access and the background thread that invalidates expired sessions: HttpSession session1 = req.getSession(); session1.setMaxInactiveInterval(5); try { Thread.sleep(10 * 1000); } catch (InterruptedException e) { e.printStackTrace(); } HttpSession session2 = req.getSession(false); if (session2 == null) { // SUCCESS } else { // FAIL!! } Revision Changes Path 1.9 +11 -36 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java Index: PersistentManagerBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java,v retrieving revision 1.8 retrieving revision 1.9 diff -u -r1.8 -r1.9 --- PersistentManagerBase.java 8 Jul 2003 06:28:02 -0000 1.8 +++ PersistentManagerBase.java 19 Aug 2003 00:49:58 -0000 1.9 @@ -835,8 +835,7 @@ if (session == null) return (null); - if (!session.isValid() - || isSessionStale(session, System.currentTimeMillis())) { + if (!session.isValid()) { log.error("session swapped in is invalid or expired"); session.expire(); removeSession(id); @@ -867,10 +866,9 @@ */ protected void swapOut(Session session) throws IOException { - if (store == null || - !session.isValid() || - isSessionStale(session, System.currentTimeMillis())) + if (store == null || !session.isValid()) { return; + } ((StandardSession)session).passivate(); writeSession(session); @@ -887,10 +885,9 @@ */ protected void writeSession(Session session) throws IOException { - if (store == null || - !session.isValid() || - isSessionStale(session, System.currentTimeMillis())) + if (store == null || !session.isValid()) { return; + } try { if (System.getSecurityManager() != null){ @@ -1073,27 +1070,6 @@ /** - * Indicate whether the session has been idle for longer - * than its expiration date as of the supplied time. - * - * FIXME: Probably belongs in the Session class. - */ - protected boolean isSessionStale(Session session, long timeNow) { - - int maxInactiveInterval = session.getMaxInactiveInterval(); - if (maxInactiveInterval >= 0) { - int timeIdle = // Truncate, do not round up - (int) ((timeNow - session.getLastAccessedTime()) / 1000L); - if (timeIdle >= maxInactiveInterval) - return true; - } - - return false; - - } - - - /** * Invalidate all sessions that have expired. */ protected void processExpires() { @@ -1106,10 +1082,9 @@ for (int i = 0; i < sessions.length; i++) { StandardSession session = (StandardSession) sessions[i]; - if (!session.isValid()) - continue; - if (isSessionStale(session, timeNow)) + if (!session.isValid()) { session.expire(); + } } } 1.11 +5 -12 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java Index: StandardManager.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java,v retrieving revision 1.10 retrieving revision 1.11 diff -u -r1.10 -r1.11 --- StandardManager.java 8 Jul 2003 06:28:02 -0000 1.10 +++ StandardManager.java 19 Aug 2003 00:49:58 -0000 1.11 @@ -813,14 +813,7 @@ for (int i = 0; i < sessions.length; i++) { StandardSession session = (StandardSession) sessions[i]; - if (!session.isValid()) - continue; - int maxInactiveInterval = session.getMaxInactiveInterval(); - if (maxInactiveInterval < 0) - continue; - int timeIdle = // Truncate, do not round up - (int) ((timeNow - session.getLastAccessedTime()) / 1000L); - if (timeIdle >= maxInactiveInterval) { + if (!session.isValid()) { try { expiredSessions++; session.expire(); 1.20 +25 -17 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java Index: StandardSession.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java,v retrieving revision 1.19 retrieving revision 1.20 diff -u -r1.19 -r1.20 --- StandardSession.java 9 Aug 2003 19:04:29 -0000 1.19 +++ StandardSession.java 19 Aug 2003 00:49:58 -0000 1.20 @@ -575,8 +575,19 @@ */ public boolean isValid() { - return (this.isValid); + if (!this.isValid || this.expiring) { + return false; + } + + if (maxInactiveInterval >= 0) { + long timeNow = System.currentTimeMillis(); + int timeIdle = (int) ((timeNow - lastAccessedTime) / 1000L); + if (timeIdle >= maxInactiveInterval) { + this.isValid = false; + } + } + return (this.isValid); } @@ -912,7 +923,7 @@ */ public long getCreationTime() { - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.getCreationTime.ise")); @@ -967,7 +978,7 @@ */ public Object getAttribute(String name) { - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.getAttribute.ise")); @@ -987,7 +998,7 @@ */ public Enumeration getAttributeNames() { - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.getAttributeNames.ise")); @@ -1029,7 +1040,7 @@ */ public String[] getValueNames() { - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.getValueNames.ise")); @@ -1046,7 +1057,7 @@ */ public void invalidate() { - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.invalidate.ise")); @@ -1068,7 +1079,7 @@ */ public boolean isNew() { - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.isNew.ise")); @@ -1143,7 +1154,7 @@ public void removeAttribute(String name, boolean notify) { // Validate our current state - if (!expiring && !isValid) + if (!expiring && !isValid()) throw new IllegalStateException (sm.getString("standardSession.removeAttribute.ise")); @@ -1261,7 +1272,7 @@ } // Validate our current state - if (!isValid) + if (!isValid()) throw new IllegalStateException (sm.getString("standardSession.setAttribute.ise")); if ((manager != null) && manager.getDistributable() && @@ -1479,10 +1490,7 @@ if (!this.isValid || expiring || maxInactiveInterval < 0) return; - long timeNow = System.currentTimeMillis(); - int timeIdle = (int) ((timeNow - lastAccessedTime) / 1000L); - - if (timeIdle >= maxInactiveInterval) { + if (!isValid()) { try { expire(); } catch (Throwable t) { 1.4 +12 -20 jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StoreBase.java Index: StoreBase.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StoreBase.java,v retrieving revision 1.3 retrieving revision 1.4 diff -u -r1.3 -r1.4 --- StoreBase.java 4 Mar 2003 04:31:47 -0000 1.3 +++ StoreBase.java 19 Aug 2003 00:49:58 -0000 1.4 @@ -309,25 +309,17 @@ if (session == null) { continue; } - if (!session.isValid()) { + if (session.isValid()) { continue; } - int maxInactiveInterval = session.getMaxInactiveInterval(); - if (maxInactiveInterval < 0) { - continue; - } - int timeIdle = // Truncate, do not round up - (int) ((timeNow - session.getLastAccessedTime()) / 1000L); - if (timeIdle >= maxInactiveInterval) { - if ( ( (PersistentManagerBase) manager).isLoaded( keys[i] )) { - // recycle old backup session - session.recycle(); - } else { - // expire swapped out session - session.expire(); - } - remove(session.getId()); + if ( ( (PersistentManagerBase) manager).isLoaded( keys[i] )) { + // recycle old backup session + session.recycle(); + } else { + // expire swapped out session + session.expire(); } + remove(session.getId()); } catch (IOException e) { log (e.toString()); e.printStackTrace();
--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]