From ca5a086877a4cc3244893d5bd599a0c78825cd3d Mon Sep 17 00:00:00 2001
From: Jan Bartel <janb@intalio.com>
Date: Mon, 12 May 2014 11:22:41 +0200
Subject: [PATCH] 434447 Able to create a session after a response.sendRedirect

---
 .../org/eclipse/jetty/server/Request.java     |  3 ++
 .../org/eclipse/jetty/server/RequestTest.java | 36 +++++++++++++++++++
 2 files changed, 39 insertions(+)

diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
index d1e10f22924..eee35039f20 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java
@@ -1396,6 +1396,9 @@ public class Request implements HttpServletRequest
 
         if (!create)
             return null;
+        
+        if (getResponse().isCommitted())
+            throw new IllegalStateException("Response is committed");
 
         if (_sessionManager == null)
             throw new IllegalStateException("No SessionManager");
diff --git a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
index 09c31823efc..17e1ec9af97 100644
--- a/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
+++ b/jetty-server/src/test/java/org/eclipse/jetty/server/RequestTest.java
@@ -26,6 +26,7 @@ import static org.junit.Assert.assertNull;
 import static org.junit.Assert.assertSame;
 import static org.junit.Assert.assertThat;
 import static org.junit.Assert.assertTrue;
+import static org.junit.Assert.fail;
 
 import java.io.BufferedReader;
 import java.io.File;
@@ -711,6 +712,41 @@ public class RequestTest
         assertTrue(responses.indexOf("read='param=wrong' param=right")>0);
 
     }
+    
+    @Test
+    public void testSessionAfterRedirect() throws Exception
+    { 
+        Handler handler = new AbstractHandler()
+        {
+            @Override
+            public void handle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException,
+            ServletException
+            {
+                baseRequest.setHandled(true);
+                response.sendRedirect("/foo");
+                try
+                {
+                    request.getSession(true);
+                    fail("Session should not be created after response committed");
+                }
+                catch (IllegalStateException e)
+                {
+                    //expected
+                }
+                catch (Exception e)
+                {
+                    fail("Session creation after response commit should throw IllegalStateException");
+                }
+            }
+        };
+        _server.stop();
+        _server.setHandler(handler);
+        _server.start();
+        String response=_connector.getResponses("GET / HTTP/1.1\n"+
+                                                "Host: myhost\n"+
+                                                "Connection: close\n"+
+                                                "\n");
+    }
 
     @Test
     public void testPartialInput() throws Exception