wcrisman/Brainstorm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fixed bug in handling of sessions - some non-standard web apps (forwarding domains for example) in fact will have null sessions attached to their connections. Non-breaking change.

Browse Source
This commit is contained in:
wcrisman
2014-07-11 15:39:28 -07:00
parent 54b2f9b5ad
commit 66487c3b25
3 changed files with 11 additions and 9 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
Foundation Web Core/src/com/foundation/web/server/WebServer.java
View File

@@ -2975,15 +2975,16 @@ private boolean processClientRequest(SocketContext context, final Request reques
clientHadBadSession = request.getSessionId() != null;
hasNewSessionData = true;
//Basic error checking.//
if(session == null) {
throw new RuntimeException("WebApplication failure: Cannot return a null value from IWebApplication.createSession()");
}//if//
//Removed this code: Cannot disallow null sessions because then forwarding apps would need to fake a session.
// //Basic error checking.//
// if(session == null) {
// throw new RuntimeException("WebApplication failure: Cannot return a null value from IWebApplication.createSession()");
// }//if//
}//if//
//If we are handling a secure connection then setup or locate the secure session object.//
if(context.sslEngine != null) {
if((request.getSecureSessionId() != null) && (session.getSecureSessionId() != null)) {
if((request.getSecureSessionId() != null) && (session != null) && (session.getSecureSessionId() != null)) {
if(session.getSecureSessionId().equals(request.getSecureSessionId())) {
allowSecureAccess = true;
}//if//
@@ -2991,7 +2992,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
Debug.log(new RuntimeException("Error: The client did not send the correct secure session id with the request!"));
}//else//
}//if//
else if(session.getSecureSessionId() == null) {
else if(session != null && session.getSecureSessionId() == null) {
//TODO: Remove
if(debug) {
Debug.log("SC: " + context.id + " Creating Secure Session");
@@ -3009,7 +3010,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
//Save the session immediately since the requested resource might not indicate to the application that the session was updated.//
//Note: We shouldn't have any problems with multiple threads from the same client each creating their own session data since every browser should start with a single thread requesting a single resource before multiple threads are used to download all the child resources.//
if(hasNewSessionData) {
if(session != null && hasNewSessionData) {
//Store the session store in the db.//
session.updateRepository();
}//if//
@@ -3073,7 +3074,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
* Processes a client request.
* @param request The request.
* @param response The response container.
* @param session The session for the request. This will never be null, even if the application does not use session data (or provide a SessionData instance).
* @param session The session for the request. This may be null in the case of non-standard web applications such as a forwarding domain.
* @param allowSecureAccess Whether the session's secure sessions should be accessable.
* @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
* @return Whether request is in a receive state. Will be false if the request generated a response that could not be completely transmitted.