Fixed bug in handling of sessions - some non-standard web apps (forwarding domains for example) in fact will have null sessions attached to their connections. Non-breaking change.

Foundation Web Application/src/com/foundation/web/WebApplication.java

@@ -682,6 +682,7 @@ public void processRequest(final IRequest request, final IResponse response, fin
 	}//if//
 	
 	if(!ignoreRequest) {
+		//Note: Session should always be non-null for a standard web app.//
 		synchronized(session) {
 			resourceRequestHandler.processRequest(request, response, session == null ? null : (SessionData) session.getApplicationData(), session == null ? null : (SecureSessionData) (isSecure ? session.getApplicationSecureData() : null), isSecure, connectionContext);
 			//Update the repository with the session changes as necessary.//

Foundation Web Core/src/com/foundation/web/server/WebServer.java

@@ -2975,15 +2975,16 @@ private boolean processClientRequest(SocketContext context, final Request reques
 							clientHadBadSession = request.getSessionId() != null;
 							hasNewSessionData = true;
 							
-							//Basic error checking.//
-							if(session == null) {
-								throw new RuntimeException("WebApplication failure: Cannot return a null value from IWebApplication.createSession()");
-							}//if//
+							//Removed this code: Cannot disallow null sessions because then forwarding apps would need to fake a session.
+//							//Basic error checking.//
+//							if(session == null) {
+//								throw new RuntimeException("WebApplication failure: Cannot return a null value from IWebApplication.createSession()");
+//							}//if//
 						}//if//
 						
 						//If we are handling a secure connection then setup or locate the secure session object.//
 						if(context.sslEngine != null) {
-							if((request.getSecureSessionId() != null) && (session.getSecureSessionId() != null)) {
+							if((request.getSecureSessionId() != null) && (session != null) && (session.getSecureSessionId() != null)) {
 								if(session.getSecureSessionId().equals(request.getSecureSessionId())) {
 									allowSecureAccess = true;
 								}//if//
@@ -2991,7 +2992,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
 									Debug.log(new RuntimeException("Error: The client did not send the correct secure session id with the request!"));
 								}//else//
 							}//if//
-							else if(session.getSecureSessionId() == null) {
+							else if(session != null && session.getSecureSessionId() == null) {
 								//TODO: Remove
 								if(debug) {
 									Debug.log("SC: " + context.id + " Creating Secure Session");
@@ -3009,7 +3010,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
 						
 						//Save the session immediately since the requested resource might not indicate to the application that the session was updated.//
 						//Note: We shouldn't have any problems with multiple threads from the same client each creating their own session data since every browser should start with a single thread requesting a single resource before multiple threads are used to download all the child resources.//
-						if(hasNewSessionData) {
+						if(session != null && hasNewSessionData) {
 							//Store the session store in the db.//
 							session.updateRepository();
 						}//if//
@@ -3073,7 +3074,7 @@ private boolean processClientRequest(SocketContext context, final Request reques
  * Processes a client request.
  * @param request The request.
  * @param response The response container.
- * @param session The session for the request.  This will never be null, even if the application does not use session data (or provide a SessionData instance).
+ * @param session The session for the request.  This may be null in the case of non-standard web applications such as a forwarding domain.
  * @param allowSecureAccess Whether the session's secure sessions should be accessable.
  * @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
  * @return Whether request is in a receive state.  Will be false if the request generated a response that could not be completely transmitted.

Foundation Web Interfaces/src/com/foundation/web/interfaces/IWebApplication.java

@@ -165,7 +165,7 @@ public void createSecureSession(ISession session);
  * Processes a request from the client associated with the session.  The result is placed in the response object.
  * @param request The request metadata.
  * @param response The response metadata.
- * @param session The session context for the request (never null).  This is *NOT* the Session Data or Secure Session Data that the application provides, but they are accessable from this session.  Provide internal (to the web server) session related data.
+ * @param session The session context for the request.  May be null in the case of a non-standard web app such as a forwarding domain.  This is *NOT* the Session Data or Secure Session Data that the application provides, but they are accessable from this session.  Provide internal (to the web server) session related data.
  * @param isSecure Whether the request was made over a secure connection and provided the correct secure id.
  * @param clientHadBadSession Whether the client's request contained a session reference that could not be found on the server.
  * @param connectionContext The context object for the connection (socket) between the client (web browser) and server (web server).