luehe       2003/08/18 17:49:58

  Modified:    catalina/src/share/org/apache/catalina/session
                        PersistentManagerBase.java StandardManager.java
                        StandardSession.java StoreBase.java
  Log:
  Fixed Bugtraq 4839736 ("HttpSession.setMaxInactiveInterval() doesn't
  behave as expected")
  
  Patch provided by [EMAIL PROTECTED]
  
  The following test case used to fail intermittently, due to a race
  condition between the 2nd session access and the background thread
  that invalidates expired sessions:
  
    HttpSession session1 = req.getSession();
    session1.setMaxInactiveInterval(5);
    try {
      Thread.sleep(10 * 1000);
    } catch (InterruptedException e) { e.printStackTrace(); }
  
    HttpSession session2 = req.getSession(false);
    if (session2 == null) {
      // SUCCESS
    } else {
      // FAIL!!
    }
  
  Revision  Changes    Path
  1.9       +11 -36    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java
  
  Index: PersistentManagerBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java,v
  retrieving revision 1.8
  retrieving revision 1.9
  diff -u -r1.8 -r1.9
  --- PersistentManagerBase.java        8 Jul 2003 06:28:02 -0000       1.8
  +++ PersistentManagerBase.java        19 Aug 2003 00:49:58 -0000      1.9
  @@ -835,8 +835,7 @@
           if (session == null)
               return (null);
   
  -        if (!session.isValid()
  -                || isSessionStale(session, System.currentTimeMillis())) {
  +        if (!session.isValid()) {
               log.error("session swapped in is invalid or expired");
               session.expire();
               removeSession(id);
  @@ -867,10 +866,9 @@
        */
       protected void swapOut(Session session) throws IOException {
   
  -        if (store == null ||
  -                !session.isValid() ||
  -                isSessionStale(session, System.currentTimeMillis()))
  +        if (store == null || !session.isValid()) {
               return;
  +        }
   
           ((StandardSession)session).passivate();
           writeSession(session);
  @@ -887,10 +885,9 @@
        */
       protected void writeSession(Session session) throws IOException {
   
  -        if (store == null ||
  -                !session.isValid() ||
  -                isSessionStale(session, System.currentTimeMillis()))
  +        if (store == null || !session.isValid()) {
               return;
  +        }
   
           try {
               if (System.getSecurityManager() != null){
  @@ -1073,27 +1070,6 @@
   
   
       /**
  -     * Indicate whether the session has been idle for longer
  -     * than its expiration date as of the supplied time.
  -     *
  -     * FIXME: Probably belongs in the Session class.
  -     */
  -    protected boolean isSessionStale(Session session, long timeNow) {
  -
  -        int maxInactiveInterval = session.getMaxInactiveInterval();
  -        if (maxInactiveInterval >= 0) {
  -            int timeIdle = // Truncate, do not round up
  -                (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
  -            if (timeIdle >= maxInactiveInterval)
  -                return true;
  -        }
  -
  -        return false;
  -
  -    }
  -
  -
  -    /**
        * Invalidate all sessions that have expired.
        */
       protected void processExpires() {
  @@ -1106,10 +1082,9 @@
   
           for (int i = 0; i < sessions.length; i++) {
               StandardSession session = (StandardSession) sessions[i];
  -            if (!session.isValid())
  -                continue;
  -            if (isSessionStale(session, timeNow))
  +            if (!session.isValid()) {
                   session.expire();
  +         }
           }
   
       }
  
  
  
  1.11      +5 -12     
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java
  
  Index: StandardManager.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java,v
  retrieving revision 1.10
  retrieving revision 1.11
  diff -u -r1.10 -r1.11
  --- StandardManager.java      8 Jul 2003 06:28:02 -0000       1.10
  +++ StandardManager.java      19 Aug 2003 00:49:58 -0000      1.11
  @@ -813,14 +813,7 @@
   
           for (int i = 0; i < sessions.length; i++) {
               StandardSession session = (StandardSession) sessions[i];
  -            if (!session.isValid())
  -                continue;
  -            int maxInactiveInterval = session.getMaxInactiveInterval();
  -            if (maxInactiveInterval < 0)
  -                continue;
  -            int timeIdle = // Truncate, do not round up
  -                (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
  -            if (timeIdle >= maxInactiveInterval) {
  +            if (!session.isValid()) {
                   try {
                       expiredSessions++;
                       session.expire();
  
  
  
  1.20      +25 -17    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java
  
  Index: StandardSession.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
  retrieving revision 1.19
  retrieving revision 1.20
  diff -u -r1.19 -r1.20
  --- StandardSession.java      9 Aug 2003 19:04:29 -0000       1.19
  +++ StandardSession.java      19 Aug 2003 00:49:58 -0000      1.20
  @@ -575,8 +575,19 @@
        */
       public boolean isValid() {
   
  -        return (this.isValid);
  +        if (!this.isValid || this.expiring) {
  +            return false;
  +        }
  + 
  +        if (maxInactiveInterval >= 0) { 
  +            long timeNow = System.currentTimeMillis();
  +            int timeIdle = (int) ((timeNow - lastAccessedTime) / 1000L);
  +            if (timeIdle >= maxInactiveInterval) {
  +                this.isValid = false;
  +            }
  +        }
   
  +        return (this.isValid);
       }
   
   
  @@ -912,7 +923,7 @@
        */
       public long getCreationTime() {
   
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.getCreationTime.ise"));
   
  @@ -967,7 +978,7 @@
        */
       public Object getAttribute(String name) {
   
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.getAttribute.ise"));
   
  @@ -987,7 +998,7 @@
        */
       public Enumeration getAttributeNames() {
   
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.getAttributeNames.ise"));
   
  @@ -1029,7 +1040,7 @@
        */
       public String[] getValueNames() {
   
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.getValueNames.ise"));
   
  @@ -1046,7 +1057,7 @@
        */
       public void invalidate() {
   
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.invalidate.ise"));
   
  @@ -1068,7 +1079,7 @@
        */
       public boolean isNew() {
   
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.isNew.ise"));
   
  @@ -1143,7 +1154,7 @@
       public void removeAttribute(String name, boolean notify) {
   
           // Validate our current state
  -        if (!expiring && !isValid)
  +        if (!expiring && !isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.removeAttribute.ise"));
   
  @@ -1261,7 +1272,7 @@
           }
   
           // Validate our current state
  -        if (!isValid)
  +        if (!isValid())
               throw new IllegalStateException
                   (sm.getString("standardSession.setAttribute.ise"));
           if ((manager != null) && manager.getDistributable() &&
  @@ -1479,10 +1490,7 @@
           if (!this.isValid || expiring || maxInactiveInterval < 0)
               return;
   
  -        long timeNow = System.currentTimeMillis();
  -        int timeIdle =  (int) ((timeNow - lastAccessedTime) / 1000L);
  -
  -        if (timeIdle >= maxInactiveInterval) {
  +        if (!isValid()) {
               try {
                   expire();
               } catch (Throwable t) {
  
  
  
  1.4       +12 -20    
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StoreBase.java
  
  Index: StoreBase.java
  ===================================================================
  RCS file: 
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StoreBase.java,v
  retrieving revision 1.3
  retrieving revision 1.4
  diff -u -r1.3 -r1.4
  --- StoreBase.java    4 Mar 2003 04:31:47 -0000       1.3
  +++ StoreBase.java    19 Aug 2003 00:49:58 -0000      1.4
  @@ -309,25 +309,17 @@
                   if (session == null) {
                       continue;
                   }
  -                if (!session.isValid()) {
  +                if (session.isValid()) {
                       continue;
                   }
  -                int maxInactiveInterval = session.getMaxInactiveInterval();
  -                if (maxInactiveInterval < 0) {
  -                    continue;
  -                }
  -                int timeIdle = // Truncate, do not round up
  -                    (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
  -                if (timeIdle >= maxInactiveInterval) {
  -                    if ( ( (PersistentManagerBase) manager).isLoaded( keys[i] )) {
  -                        // recycle old backup session
  -                        session.recycle();
  -                    } else {
  -                        // expire swapped out session
  -                        session.expire();
  -                    }
  -                    remove(session.getId());
  +                if ( ( (PersistentManagerBase) manager).isLoaded( keys[i] )) {
  +                    // recycle old backup session
  +                    session.recycle();
  +                } else {
  +                    // expire swapped out session
  +                    session.expire();
                   }
  +                remove(session.getId());
               } catch (IOException e) {
                   log (e.toString());
                   e.printStackTrace();
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]

Reply via email to