users@glassfish.java.net

Re: should HttpSession.getAttribute(String) expire a session?

From: Bobby Bissett <bbissett_at_gmail.com>
Date: Fri, 10 Aug 2012 17:38:12 -0400

On Fri, Aug 10, 2012 at 5:23 PM, Shing Wai Chan
<shing.wai.chan_at_oracle.com> wrote:
> In general, the expired session is cleaned up by a background thread.
> But if it is used before cleaning up, then it will be cleaned up while
> accessing.
> From description below, it is the latter case here.

Thanks, that makes perfect sense. But in terms of what the calling
code sees, should this happen? According to
http://docs.oracle.com/javaee/6/api/javax/servlet/http/HttpSession.html#getAttribute(java.lang.String)
I would expect it to throw an IllegalStateException. There's nothing
in the JavaDoc to indicate that calling this method could result in a
SessionListener being called. As you can understand, that leads to an
unexpected (and hard to test) edge case for handling concurrent access
to a session object.

Thanks,
Bobby