users@glassfish.java.net

Re: JSP FORM-based authentication redirects to expired session context

From: <glassfish_at_javadesktop.org>
Date: Mon, 01 Dec 2008 19:10:56 PST

I'm also experiencing this issue with timed-out sessions and "ugly error pages". I played with it and it seems to me that the session that is being returned when calling HttpServletRequest.getSession(boolean) only returns a new HttpSession, but doesn't assign this new session to the HttpServletRequest (and there's no method to do so).
Here's a test snippet from the JSF Bean that my form sends data to:
[code]
//a method used below, inside the JSF bean
private HttpSession getCurrentSession() {
        HttpServletRequest request = (HttpServletRequest)
                FacesContext.getCurrentInstance().getExternalContext().getRequest();
        return request.getSession( false );//changing to true yields same results
}

//and now contents from the "submit" method of the JSF managed bean:
HttpSession session = getCurrentSession();
Cookie cookie[] = ((HttpServletRequest)FacesContext.getCurrentInstance().getExternalContext().getRequest()).getCookies();
String cookieName;

if(cookie != null && cookie.length > 0){
  for(int i = 0; i<cookie.length; i++){
        cookieName = cookie[i].getName();

        if( cookieName.equals( "JSESSIONID") ) {
                Util.line( "setting cookie value from: " + cookie[i].getValue() + ", to: " + session.getId() );
                cookie[i].setValue( session.getId() );
                Util.line( "Now cookie's value is: " + cookie[i].getValue() );

        }
  }
}
[/code]
And here's what it prints out:
[code]
setting cookie value from: 59a53261eba15e7ce92f9e447aef, to: 59abbda1717d85b37e06a2a7e77e
Now cookie's value is: 59abbda1717d85b37e06a2a7e77e
[/code]
But the important thing is that the NEW session actually applied to HttpServletRequest is different,
to prove that I placed at the end of every page this:
[code]
<%
out.println( "current session id is: " + session.getId() );
%>
[/code]
which prints out "current session id is: 59acafea9cd900dcadd0f46d8cc1" - a totally different session.
I think this should be reported as a bug (I can't see how to solve this issue) or am I missing something?
Anyone solved this issue?

I have GlassFish v2 on Linux with all updates.
[Message sent by forum member 'xlinuks' (xlinuks)]

http://forums.java.net/jive/thread.jspa?messageID=319470
© Oracle | By contributing to this project, you are agreeing to the terms of use described here.