Fixed bug in handling of sessions - some non-standard web apps (forwarding domains for example) in fact will have null sessions attached to their connections. Non-breaking change.
This commit is contained in:
wcrisman
@@ -682,6 +682,7 @@ public void processRequest(final IRequest request, final IResponse response, fin
|
|||||||
}//if//
|
}//if//
|
||||||
|
|
||||||
if(!ignoreRequest) {
|
if(!ignoreRequest) {
|
||||||
|
//Note: Session should always be non-null for a standard web app.//
|
||||||
synchronized(session) {
|
synchronized(session) {
|
||||||
resourceRequestHandler.processRequest(request, response, session == null ? null : (SessionData) session.getApplicationData(), session == null ? null : (SecureSessionData) (isSecure ? session.getApplicationSecureData() : null), isSecure, connectionContext);
|
resourceRequestHandler.processRequest(request, response, session == null ? null : (SessionData) session.getApplicationData(), session == null ? null : (SecureSessionData) (isSecure ? session.getApplicationSecureData() : null), isSecure, connectionContext);
|
||||||
//Update the repository with the session changes as necessary.//
|
//Update the repository with the session changes as necessary.//
|
||||||
|
|||||||
@@ -2975,15 +2975,16 @@ private boolean processClientRequest(SocketContext context, final Request reques
|
|||||||
clientHadBadSession = request.getSessionId() != null;
|
clientHadBadSession = request.getSessionId() != null;
|
||||||
hasNewSessionData = true;
|
hasNewSessionData = true;
|
||||||
|
|
||||||
//Basic error checking.//
|
//Removed this code: Cannot disallow null sessions because then forwarding apps would need to fake a session.
|
||||||
if(session == null) {
|
// //Basic error checking.//
|
||||||
throw new RuntimeException("WebApplication failure: Cannot return a null value from IWebApplication.createSession()");
|
// if(session == null) {
|
||||||
}//if//
|
// throw new RuntimeException("WebApplication failure: Cannot return a null value from IWebApplication.createSession()");
|
||||||
|
// }//if//
|
||||||
}//if//
|
}//if//
|
||||||
|
|
||||||
//If we are handling a secure connection then setup or locate the secure session object.//
|
//If we are handling a secure connection then setup or locate the secure session object.//
|
||||||
if(context.sslEngine != null) {
|
if(context.sslEngine != null) {
|
||||||
if((request.getSecureSessionId() != null) && (session.getSecureSessionId() != null)) {
|
if((request.getSecureSessionId() != null) && (session != null) && (session.getSecureSessionId() != null)) {
|
||||||
if(session.getSecureSessionId().equals(request.getSecureSessionId())) {
|
if(session.getSecureSessionId().equals(request.getSecureSessionId())) {
|
||||||
allowSecureAccess = true;
|
allowSecureAccess = true;
|
||||||
}//if//
|
}//if//
|
||||||
@@ -2991,7 +2992,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
|
|||||||
Debug.log(new RuntimeException("Error: The client did not send the correct secure session id with the request!"));
|
Debug.log(new RuntimeException("Error: The client did not send the correct secure session id with the request!"));
|
||||||
}//else//
|
}//else//
|
||||||
}//if//
|
}//if//
|
||||||
else if(session.getSecureSessionId() == null) {
|
else if(session != null && session.getSecureSessionId() == null) {
|
||||||
//TODO: Remove
|
//TODO: Remove
|
||||||
if(debug) {
|
if(debug) {
|
||||||
Debug.log("SC: " + context.id + " Creating Secure Session");
|
Debug.log("SC: " + context.id + " Creating Secure Session");
|
||||||
@@ -3009,7 +3010,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
|
|||||||
|
|
||||||
//Save the session immediately since the requested resource might not indicate to the application that the session was updated.//
|
//Save the session immediately since the requested resource might not indicate to the application that the session was updated.//
|
||||||
//Note: We shouldn't have any problems with multiple threads from the same client each creating their own session data since every browser should start with a single thread requesting a single resource before multiple threads are used to download all the child resources.//
|
//Note: We shouldn't have any problems with multiple threads from the same client each creating their own session data since every browser should start with a single thread requesting a single resource before multiple threads are used to download all the child resources.//
|
||||||
if(hasNewSessionData) {
|
if(session != null && hasNewSessionData) {
|
||||||
//Store the session store in the db.//
|
//Store the session store in the db.//
|
||||||
session.updateRepository();
|
session.updateRepository();
|
||||||
}//if//
|
}//if//
|
||||||
@@ -3073,7 +3074,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
|
|||||||
* Processes a client request.
|
* Processes a client request.
|
||||||
* @param request The request.
|
* @param request The request.
|
||||||
* @param response The response container.
|
* @param response The response container.
|
||||||
* @param session The session for the request. This will never be null, even if the application does not use session data (or provide a SessionData instance).
|
* @param session The session for the request. This may be null in the case of non-standard web applications such as a forwarding domain.
|
||||||
* @param allowSecureAccess Whether the session's secure sessions should be accessable.
|
* @param allowSecureAccess Whether the session's secure sessions should be accessable.
|
||||||
* @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
|
* @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
|
||||||
* @return Whether request is in a receive state. Will be false if the request generated a response that could not be completely transmitted.
|
* @return Whether request is in a receive state. Will be false if the request generated a response that could not be completely transmitted.
|
||||||
|
|||||||
@@ -165,7 +165,7 @@ public void createSecureSession(ISession session);
|
|||||||
* Processes a request from the client associated with the session. The result is placed in the response object.
|
* Processes a request from the client associated with the session. The result is placed in the response object.
|
||||||
* @param request The request metadata.
|
* @param request The request metadata.
|
||||||
* @param response The response metadata.
|
* @param response The response metadata.
|
||||||
* @param session The session context for the request (never null). This is *NOT* the Session Data or Secure Session Data that the application provides, but they are accessable from this session. Provide internal (to the web server) session related data.
|
* @param session The session context for the request. May be null in the case of a non-standard web app such as a forwarding domain. This is *NOT* the Session Data or Secure Session Data that the application provides, but they are accessable from this session. Provide internal (to the web server) session related data.
|
||||||
* @param isSecure Whether the request was made over a secure connection and provided the correct secure id.
|
* @param isSecure Whether the request was made over a secure connection and provided the correct secure id.
|
||||||
* @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
|
* @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
|
||||||
* @param connectionContext The context object for the connection (socket) between the client (web browser) and server (web server).
|
* @param connectionContext The context object for the connection (socket) between the client (web browser) and server (web server).
|
||||||
|
|||||||
Reference in New Issue
Block a user