Uploaded image for project: 'Confluence Data Center'
  1. Confluence Data Center
  2. CONFSERVER-3415

Session already invalidated - UserSessionExpiryListener tries to retrieve attributes from invalid sessions

    XMLWordPrintable

Details

    • Bug
    • Resolution: Obsolete
    • Medium
    • None
    • 1.4
    • None

    Description

      Session event listener threw exception
      java.lang.IllegalStateException: getAttribute: Session already invalidated
      at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:953)
      at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:171)
      at com.atlassian.confluence.user.listeners.UserSessionExpiryListener.sessionDestroyed(UserSessionExpiryListener.java:28)

      Some application servers (such as Tomcat) take a literal interpretation of the servlet spec over, say, a SANE one, and invalidate the HttpSession before passing it to the session listener's sessionDestroyed() method. Because of this, the listener can't actually DO anything with the session, rendering it COMPLETELY USELESS.

      We need to find another way to detect when a user has logged out, or at least disable user tracking on those appservers that work this way. Resin and Orion seem fine, Tomcat 4.x is definitely broken, and I suspect Weblogic will behave the Tomcat way.

      See also: http://www.caucho.com/support/resin-interest/0207/0332.html

      Attachments

        Activity

          People

            Unassigned Unassigned
            cmiller@atlassian.com Charles Miller
            Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

              Created:
              Updated:
              Resolved: