DO NOT REPLY TO THIS EMAIL, BUT PLEASE POST YOUR BUG RELATED COMMENTS THROUGH THE WEB INTERFACE AVAILABLE AT <http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26341>. ANY REPLY MADE TO THIS MESSAGE WILL NOT BE COLLECTED AND INSERTED IN THE BUG DATABASE.
http://nagoya.apache.org/bugzilla/show_bug.cgi?id=26341 It's possible to call getAttribute() while session is invalidated without IAE ------- Additional Comments From [EMAIL PROTECTED] 2004-01-23 18:56 ------- How about setting "expiring" to FALSE *before* removing any attributes, and adding a "backdoor" into removeAttribute() that by-passes the validity check, as follows: Index: StandardSession.java =================================================================== RCS file: /home/cvs/jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/session/StandardSession.java,v retrieving revision 1.29 diff -u -r1.29 StandardSession.java --- StandardSession.java 19 Jan 2004 23:39:05 -0000 1.29 +++ StandardSession.java 22 Jan 2004 22:44:30 -0000 @@ -706,19 +706,24 @@ if (manager != null) manager.remove(this); + /* + * Mark session as expired *before* removing its attributes, so + * that its HttpSessionBindingListener objects will get an + * IllegalStateException when accessing the session attributes + * from within their valueUnbound() method + */ + expiring = false; + // Unbind any objects associated with this session String keys[] = keys(); for (int i = 0; i < keys.length; i++) - removeAttribute(keys[i], notify); + removeAttribute(keys[i], notify, false); // Notify interested session event listeners if (notify) { fireSessionEvent(Session.SESSION_DESTROYED_EVENT, null); } - // We have completed expire of this session - expiring = false; - } } @@ -1133,7 +1138,7 @@ */ public void removeAttribute(String name) { - removeAttribute(name, true); + removeAttribute(name, true, true); } @@ -1150,14 +1155,17 @@ * @param name Name of the object to remove from this session. * @param notify Should we notify interested listeners that this * attribute is being removed? + * @param checkValid Indicates whether IllegalStateException must be + * thrown if session has already been invalidated * * @exception IllegalStateException if this method is called on an * invalidated session */ - public void removeAttribute(String name, boolean notify) { + public void removeAttribute(String name, boolean notify, + boolean checkValid) { // Validate our current state - if (!isValid()) + if (checkValid && !isValid()) throw new IllegalStateException (sm.getString("standardSession.removeAttribute.ise")); --------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
