Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

377610 New session not timed out if an old session is invalidated in scope of same request

This commit is contained in:
Jan Bartel 2012-05-02 16:41:32 +02:00
parent b131a0b30b
commit 1ca8eb030d
3 changed files with 217 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
View File

@ -195,12 +195,10 @@ public class SessionHandler extends ScopedHandler
{
if (access!=null)
_sessionManager.complete(access);
else
{
HttpSession session = baseRequest.getSession(false);
if (session!=null && old_session==null)
if (session!=null && old_session==null && session!=access)
_sessionManager.complete(session);
}
if (old_session_manager!=null && old_session_manager != _sessionManager)
{

19
tests/test-sessions/test-hash-sessions/src/test/java/org/eclipse/jetty/server/session/SessionInvalidateAndCreateTest.java Normal file
View File

@ -0,0 +1,19 @@
package org.eclipse.jetty.server.session;
import org.junit.Test;
public class SessionInvalidateAndCreateTest extends AbstractSessionInvalidateAndCreateTest
{
@Override
public AbstractTestServer createServer(int port, int max, int scavenge)
{
return new HashTestServer(port,max,scavenge);
}
@Test
public void testSessionScavenge() throws Exception
{
super.testSessionScavenge();
}
}

194
tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java Normal file
View File

@ -0,0 +1,194 @@
// ========================================================================
// Copyright 2012 Mort Bay Consulting Pty. Ltd.
// ------------------------------------------------------------------------
// All rights reserved. This program and the accompanying materials
// are made available under the terms of the Eclipse Public License v1.0
// and Apache License v2.0 which accompanies this distribution.
// The Eclipse Public License is available at
// http://www.eclipse.org/legal/epl-v10.html
// The Apache License v2.0 is available at
// http://www.opensource.org/licenses/apache2.0.php
// You may elect to redistribute this code under either of these licenses.
// ========================================================================
package org.eclipse.jetty.server.session;
import java.io.IOException;
import java.util.ArrayList;
import java.util.List;
import java.util.Random;
import javax.servlet.ServletException;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
import javax.servlet.http.HttpSession;
import javax.servlet.http.HttpSessionBindingEvent;
import javax.servlet.http.HttpSessionBindingListener;
import javax.servlet.http.HttpSessionEvent;
import javax.servlet.http.HttpSessionListener;
import org.eclipse.jetty.client.ContentExchange;
import org.eclipse.jetty.client.HttpClient;
import org.eclipse.jetty.http.HttpMethods;
import org.eclipse.jetty.server.Request;
import org.eclipse.jetty.server.SessionManager;
import org.eclipse.jetty.servlet.ServletContextHandler;
import org.eclipse.jetty.servlet.ServletHolder;
import org.junit.Test;
import static org.junit.Assert.assertEquals;
import static org.junit.Assert.assertTrue;
/**
* AbstractSessionInvalidateAndCreateTest
*
* This test verifies that invalidating an existing session and creating
* a new session within the scope of a single request will expire the
* newly created session correctly (removed from the server and session listeners called).
* See https://bugs.eclipse.org/bugs/show_bug.cgi?id=377610
*/
public abstract class AbstractSessionInvalidateAndCreateTest
{
public class MySessionListener implements HttpSessionListener
{
List<String> destroys;
public void sessionCreated(HttpSessionEvent e)
{
}
public void sessionDestroyed(HttpSessionEvent e)
{
if (destroys == null)
destroys = new ArrayList<String>();
destroys.add((String)e.getSession().getAttribute("identity"));
}
}
public abstract AbstractTestServer createServer(int port, int max, int scavenge);
public void pause(int scavengePeriod)
{
try
{
Thread.sleep(scavengePeriod * 2500L);
}
catch (InterruptedException e)
{
e.printStackTrace();
}
}
@Test
public void testSessionScavenge() throws Exception
{
String contextPath = "";
String servletMapping = "/server";
int inactivePeriod = 1;
int scavengePeriod = 2;
AbstractTestServer server = createServer(0, inactivePeriod, scavengePeriod);
ServletContextHandler context = server.addContext(contextPath);
TestServlet servlet = new TestServlet();
ServletHolder holder = new ServletHolder(servlet);
context.addServlet(holder, servletMapping);
MySessionListener listener = new MySessionListener();
context.getSessionHandler().addEventListener(listener);
server.start();
int port1 = server.getPort();
try
{
HttpClient client = new HttpClient();
client.setConnectorType(HttpClient.CONNECTOR_SOCKET);
client.start();
try
{
String url = "http://localhost:" + port1 + contextPath + servletMapping;
// Create the session
ContentExchange exchange1 = new ContentExchange(true);
exchange1.setMethod(HttpMethods.GET);
exchange1.setURL(url + "?action=init");
client.send(exchange1);
exchange1.waitForDone();
assertEquals(HttpServletResponse.SC_OK,exchange1.getResponseStatus());
String sessionCookie = exchange1.getResponseFields().getStringField("Set-Cookie");
assertTrue(sessionCookie != null);
// Mangle the cookie, replacing Path with $Path, etc.
sessionCookie = sessionCookie.replaceFirst("(\\W)(P|p)ath=", "$1\\$Path=");
// Make a request which will invalidate the existing session and create a new one
ContentExchange exchange2 = new ContentExchange(true);
exchange2.setMethod(HttpMethods.GET);
exchange2.setURL(url + "?action=test");
exchange2.getRequestFields().add("Cookie", sessionCookie);
client.send(exchange2);
exchange2.waitForDone();
assertEquals(HttpServletResponse.SC_OK,exchange2.getResponseStatus());
// Wait for the scavenger to run, waiting 2.5 times the scavenger period
pause(scavengePeriod);
//test that the session created in the last test is scavenged:
//the HttpSessionListener should have been called when session1 was invalidated and session2 was scavenged
assertTrue(listener.destroys.contains("session1"));
assertTrue(listener.destroys.contains("session2"));
//session2's HttpSessionBindingListener should have been called when it was scavenged
assertTrue(servlet.unbound);
}
finally
{
client.stop();
}
}
finally
{
server.stop();
}
}
public static class TestServlet extends HttpServlet
{
private boolean unbound = false;
@Override
protected void doGet(HttpServletRequest request, HttpServletResponse httpServletResponse) throws ServletException, IOException
{
String action = request.getParameter("action");
if ("init".equals(action))
{
HttpSession session = request.getSession(true);
session.setAttribute("identity", "session1");
}
else if ("test".equals(action))
{
HttpSession session = request.getSession(false);
if (session != null)
{
session.invalidate();
//now make a new session
session = request.getSession(true);
session.setAttribute("identity", "session2");
session.setAttribute("listener", new HttpSessionBindingListener()
{
public void valueUnbound(HttpSessionBindingEvent event)
{
unbound = true;
}
public void valueBound(HttpSessionBindingEvent event)
{
}
});
}
}
}
}
}