Eclipse
/
jetty.project
mirror of https://github.com/jetty/jetty.project.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Issue #1224 

This reverts commit 3d35484dc7 and provides different solution.
This commit is contained in:
Jan Bartel 2017-01-09 12:07:29 +11:00
parent 04a2777603
commit 69babbf38c
2 changed files with 11 additions and 9 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

12
jetty-security/src/main/java/org/eclipse/jetty/security/authentication/SessionAuthentication.java
View File

@ -80,20 +80,16 @@ public class SessionAuthentication extends AbstractUserAuthentication implements
if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null) if (_session!=null && _session.getAttribute(__J_AUTHENTICATED)!=null)
_session.removeAttribute(__J_AUTHENTICATED); _session.removeAttribute(__J_AUTHENTICATED);
doLogout(null); doLogout();
} }
private void doLogout(HttpSessionBindingEvent event) private void doLogout()
{ {
SecurityHandler security=SecurityHandler.getCurrentSecurityHandler(); SecurityHandler security=SecurityHandler.getCurrentSecurityHandler();
if (security!=null) if (security!=null)
security.logout(this); security.logout(this);
//if we were called by an unbind event, it means the session is invalid if (_session!=null)
//so don't try and remove the attribute
if (_session!=null && event == null)
{
_session.removeAttribute(Session.SESSION_CREATED_SECURE); _session.removeAttribute(Session.SESSION_CREATED_SECURE);
}
} }
@Override @Override
@ -129,7 +125,7 @@ public class SessionAuthentication extends AbstractUserAuthentication implements
@Override @Override
public void valueUnbound(HttpSessionBindingEvent event) public void valueUnbound(HttpSessionBindingEvent event)
{ {
doLogout(event); doLogout();
} }
} }

8
jetty-server/src/main/java/org/eclipse/jetty/server/session/Session.java
View File

@ -605,9 +605,12 @@ public class Session implements SessionHandler.SessionIf
{ {
checkLocked(); checkLocked();
if (_state != State.VALID) if (_state == State.INVALID)
throw new IllegalStateException("Not valid for write: id="+_sessionData.getId()+" created="+_sessionData.getCreated()+" accessed="+_sessionData.getAccessed()+" lastaccessed="+_sessionData.getLastAccessed()+" maxInactiveMs="+_sessionData.getMaxInactiveMs()+" expiry="+_sessionData.getExpiry()); throw new IllegalStateException("Not valid for write: id="+_sessionData.getId()+" created="+_sessionData.getCreated()+" accessed="+_sessionData.getAccessed()+" lastaccessed="+_sessionData.getLastAccessed()+" maxInactiveMs="+_sessionData.getMaxInactiveMs()+" expiry="+_sessionData.getExpiry());
if (_state == State.INVALIDATING)
return; //in the process of being invalidated, listeners may try to remove attributes
if (!isResident()) if (!isResident())
throw new IllegalStateException("Not valid for write: id="+_sessionData.getId()+" not resident"); throw new IllegalStateException("Not valid for write: id="+_sessionData.getId()+" not resident");
} }
@ -626,6 +629,9 @@ public class Session implements SessionHandler.SessionIf
if (_state == State.INVALID) if (_state == State.INVALID)
throw new IllegalStateException("Invalid for read: id="+_sessionData.getId()+" created="+_sessionData.getCreated()+" accessed="+_sessionData.getAccessed()+" lastaccessed="+_sessionData.getLastAccessed()+" maxInactiveMs="+_sessionData.getMaxInactiveMs()+" expiry="+_sessionData.getExpiry()); throw new IllegalStateException("Invalid for read: id="+_sessionData.getId()+" created="+_sessionData.getCreated()+" accessed="+_sessionData.getAccessed()+" lastaccessed="+_sessionData.getLastAccessed()+" maxInactiveMs="+_sessionData.getMaxInactiveMs()+" expiry="+_sessionData.getExpiry());
if (_state == State.INVALIDATING)
return;
if (!isResident()) if (!isResident())
throw new IllegalStateException("Invalid for read: id="+_sessionData.getId()+" not resident"); throw new IllegalStateException("Invalid for read: id="+_sessionData.getId()+" not resident");
} }