From e75ec5e37a5034c310564f2603b7eea6ec405e26 Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Tue, 14 Feb 2023 13:22:59 +1100 Subject: [PATCH] Issue #9181 NPE in SessionHandler (#9346) --- .../jetty/server/session/SessionHandler.java | 45 ++++++++++--------- 1 file changed, 24 insertions(+), 21 deletions(-) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java index d6fdeae4679..a28bc83fa6f 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java @@ -1673,33 +1673,36 @@ public class SessionHandler extends ScopedHandler if (isUsingURLs() && (requestedSessionId == null)) { String uri = request.getRequestURI(); - String prefix = getSessionIdPathParameterNamePrefix(); - if (prefix != null) + if (uri != null) { - int s = uri.indexOf(prefix); - if (s >= 0) + String prefix = getSessionIdPathParameterNamePrefix(); + if (prefix != null) { - s += prefix.length(); - int i = s; - while (i < uri.length()) + int s = uri.indexOf(prefix); + if (s >= 0) { - char c = uri.charAt(i); - if (c == ';' || c == '#' || c == '?' || c == '/') - break; - i++; - } + s += prefix.length(); + int i = s; + while (i < uri.length()) + { + char c = uri.charAt(i); + if (c == ';' || c == '#' || c == '?' || c == '/') + break; + i++; + } - requestedSessionId = uri.substring(s, i); - requestedSessionIdFromCookie = false; + requestedSessionId = uri.substring(s, i); + requestedSessionIdFromCookie = false; - if (LOG.isDebugEnabled()) - LOG.debug("Got Session ID {} from URL", requestedSessionId); + if (LOG.isDebugEnabled()) + LOG.debug("Got Session ID {} from URL", requestedSessionId); - session = getHttpSession(requestedSessionId); - if (session != null && isValid(session)) - { - baseRequest.enterSession(session); //request enters this session for first time - baseRequest.setSession(session); //associate the session with the request + session = getHttpSession(requestedSessionId); + if (session != null && isValid(session)) + { + baseRequest.enterSession(session); //request enters this session for first time + baseRequest.setSession(session); //associate the session with the request + } } } }