luehe 2003/08/18 17:49:58
Modified: catalina/src/share/org/apache/catalina/session
PersistentManagerBase.java StandardManager.java
StandardSession.java StoreBase.java
Log:
Fixed Bugtraq 4839736 ("HttpSession.setMaxInactiveInterval() doesn't
behave as expected")
Patch provided by [EMAIL PROTECTED]
The following test case used to fail intermittently, due to a race
condition between the 2nd session access and the background thread
that invalidates expired sessions:
HttpSession session1 = req.getSession();
session1.setMaxInactiveInterval(5);
try {
Thread.sleep(10 * 1000);
} catch (InterruptedException e) { e.printStackTrace(); }
HttpSession session2 = req.getSession(false);
if (session2 == null) {
// SUCCESS
} else {
// FAIL!!
}
Revision Changes Path
1.9 +11 -36
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java
Index: PersistentManagerBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/PersistentManagerBase.java,v
retrieving revision 1.8
retrieving revision 1.9
diff -u -r1.8 -r1.9
--- PersistentManagerBase.java 8 Jul 2003 06:28:02 -0000 1.8
+++ PersistentManagerBase.java 19 Aug 2003 00:49:58 -0000 1.9
@@ -835,8 +835,7 @@
if (session == null)
return (null);
- if (!session.isValid()
- || isSessionStale(session, System.currentTimeMillis())) {
+ if (!session.isValid()) {
log.error("session swapped in is invalid or expired");
session.expire();
removeSession(id);
@@ -867,10 +866,9 @@
*/
protected void swapOut(Session session) throws IOException {
- if (store == null ||
- !session.isValid() ||
- isSessionStale(session, System.currentTimeMillis()))
+ if (store == null || !session.isValid()) {
return;
+ }
((StandardSession)session).passivate();
writeSession(session);
@@ -887,10 +885,9 @@
*/
protected void writeSession(Session session) throws IOException {
- if (store == null ||
- !session.isValid() ||
- isSessionStale(session, System.currentTimeMillis()))
+ if (store == null || !session.isValid()) {
return;
+ }
try {
if (System.getSecurityManager() != null){
@@ -1073,27 +1070,6 @@
/**
- * Indicate whether the session has been idle for longer
- * than its expiration date as of the supplied time.
- *
- * FIXME: Probably belongs in the Session class.
- */
- protected boolean isSessionStale(Session session, long timeNow) {
-
- int maxInactiveInterval = session.getMaxInactiveInterval();
- if (maxInactiveInterval >= 0) {
- int timeIdle = // Truncate, do not round up
- (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
- if (timeIdle >= maxInactiveInterval)
- return true;
- }
-
- return false;
-
- }
-
-
- /**
* Invalidate all sessions that have expired.
*/
protected void processExpires() {
@@ -1106,10 +1082,9 @@
for (int i = 0; i < sessions.length; i++) {
StandardSession session = (StandardSession) sessions[i];
- if (!session.isValid())
- continue;
- if (isSessionStale(session, timeNow))
+ if (!session.isValid()) {
session.expire();
+ }
}
}
1.11 +5 -12
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java
Index: StandardManager.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardManager.java,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -r1.10 -r1.11
--- StandardManager.java 8 Jul 2003 06:28:02 -0000 1.10
+++ StandardManager.java 19 Aug 2003 00:49:58 -0000 1.11
@@ -813,14 +813,7 @@
for (int i = 0; i < sessions.length; i++) {
StandardSession session = (StandardSession) sessions[i];
- if (!session.isValid())
- continue;
- int maxInactiveInterval = session.getMaxInactiveInterval();
- if (maxInactiveInterval < 0)
- continue;
- int timeIdle = // Truncate, do not round up
- (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
- if (timeIdle >= maxInactiveInterval) {
+ if (!session.isValid()) {
try {
expiredSessions++;
session.expire();
1.20 +25 -17
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java
Index: StandardSession.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java,v
retrieving revision 1.19
retrieving revision 1.20
diff -u -r1.19 -r1.20
--- StandardSession.java 9 Aug 2003 19:04:29 -0000 1.19
+++ StandardSession.java 19 Aug 2003 00:49:58 -0000 1.20
@@ -575,8 +575,19 @@
*/
public boolean isValid() {
- return (this.isValid);
+ if (!this.isValid || this.expiring) {
+ return false;
+ }
+
+ if (maxInactiveInterval >= 0) {
+ long timeNow = System.currentTimeMillis();
+ int timeIdle = (int) ((timeNow - lastAccessedTime) / 1000L);
+ if (timeIdle >= maxInactiveInterval) {
+ this.isValid = false;
+ }
+ }
+ return (this.isValid);
}
@@ -912,7 +923,7 @@
*/
public long getCreationTime() {
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.getCreationTime.ise"));
@@ -967,7 +978,7 @@
*/
public Object getAttribute(String name) {
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.getAttribute.ise"));
@@ -987,7 +998,7 @@
*/
public Enumeration getAttributeNames() {
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.getAttributeNames.ise"));
@@ -1029,7 +1040,7 @@
*/
public String[] getValueNames() {
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.getValueNames.ise"));
@@ -1046,7 +1057,7 @@
*/
public void invalidate() {
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.invalidate.ise"));
@@ -1068,7 +1079,7 @@
*/
public boolean isNew() {
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.isNew.ise"));
@@ -1143,7 +1154,7 @@
public void removeAttribute(String name, boolean notify) {
// Validate our current state
- if (!expiring && !isValid)
+ if (!expiring && !isValid())
throw new IllegalStateException
(sm.getString("standardSession.removeAttribute.ise"));
@@ -1261,7 +1272,7 @@
}
// Validate our current state
- if (!isValid)
+ if (!isValid())
throw new IllegalStateException
(sm.getString("standardSession.setAttribute.ise"));
if ((manager != null) && manager.getDistributable() &&
@@ -1479,10 +1490,7 @@
if (!this.isValid || expiring || maxInactiveInterval < 0)
return;
- long timeNow = System.currentTimeMillis();
- int timeIdle = (int) ((timeNow - lastAccessedTime) / 1000L);
-
- if (timeIdle >= maxInactiveInterval) {
+ if (!isValid()) {
try {
expire();
} catch (Throwable t) {
1.4 +12 -20
jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StoreBase.java
Index: StoreBase.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StoreBase.java,v
retrieving revision 1.3
retrieving revision 1.4
diff -u -r1.3 -r1.4
--- StoreBase.java 4 Mar 2003 04:31:47 -0000 1.3
+++ StoreBase.java 19 Aug 2003 00:49:58 -0000 1.4
@@ -309,25 +309,17 @@
if (session == null) {
continue;
}
- if (!session.isValid()) {
+ if (session.isValid()) {
continue;
}
- int maxInactiveInterval = session.getMaxInactiveInterval();
- if (maxInactiveInterval < 0) {
- continue;
- }
- int timeIdle = // Truncate, do not round up
- (int) ((timeNow - session.getLastAccessedTime()) / 1000L);
- if (timeIdle >= maxInactiveInterval) {
- if ( ( (PersistentManagerBase) manager).isLoaded( keys[i] )) {
- // recycle old backup session
- session.recycle();
- } else {
- // expire swapped out session
- session.expire();
- }
- remove(session.getId());
+ if ( ( (PersistentManagerBase) manager).isLoaded( keys[i] )) {
+ // recycle old backup session
+ session.recycle();
+ } else {
+ // expire swapped out session
+ session.expire();
}
+ remove(session.getId());
} catch (IOException e) {
log (e.toString());
e.printStackTrace();
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
