From eb02009f87e216b21bf1ade8166393861deb7bca Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Wed, 30 Sep 2020 16:51:54 +0200 Subject: [PATCH] Issue #5365 ISE not NPE if fail to create session. (#5370) If SessionHandler.newHttpSession(Request) fails to create a session it returns null. Request.getSession(true) cannot throw a checked exception, nor can it return null, so we should throw ISE. Signed-off-by: Jan Bartel --- .../src/main/java/org/eclipse/jetty/server/Request.java | 3 +++ 1 file changed, 3 insertions(+) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java index 5ca2bc8b933..c0d24299611 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java @@ -1623,6 +1623,9 @@ public class Request implements HttpServletRequest throw new IllegalStateException("No SessionManager"); _session = _sessionHandler.newHttpSession(this); + if (_session == null) + throw new IllegalStateException("Create session failed"); + HttpCookie cookie = _sessionHandler.getSessionCookie(_session, getContextPath(), isSecure()); if (cookie != null) _channel.getResponse().replaceCookie(cookie);