[CONFSERVER-3415] Session already invalidated - UserSessionExpiryListener tries to retrieve attributes from invalid sessions - Create and track feature requests for Atlassian products.

Type: Bug
Resolution: Obsolete
Priority: Medium
Fix Version/s: None
Affects Version/s: 1.4
Component/s: None
Labels:
- affects-server

Bug Fix Policy:
View Atlassian Server bug fix policy

Session event listener threw exception
java.lang.IllegalStateException: getAttribute: Session already invalidated
at org.apache.catalina.session.StandardSession.getAttribute(StandardSession.java:953)
at org.apache.catalina.session.StandardSessionFacade.getAttribute(StandardSessionFacade.java:171)
at com.atlassian.confluence.user.listeners.UserSessionExpiryListener.sessionDestroyed(UserSessionExpiryListener.java:28)

Some application servers (such as Tomcat) take a literal interpretation of the servlet spec over, say, a SANE one, and invalidate the HttpSession before passing it to the session listener's sessionDestroyed() method. Because of this, the listener can't actually DO anything with the session, rendering it COMPLETELY USELESS.

We need to find another way to detect when a user has logged out, or at least disable user tracking on those appservers that work this way. Resin and Orion seem fine, Tomcat 4.x is definitely broken, and I suspect Weblogic will behave the Tomcat way.

See also: http://www.caucho.com/support/resin-interest/0207/0332.html

No work has yet been logged on this issue.

Assignee:: Unassigned

Reporter:: Charles Miller (Inactive)

Affected customers:: 0 This affects my team

Watchers:: 0 Start watching this issue

Created:: 16/Jun/2005 8:07 AM

Updated:: 11/Oct/2018 8:46 AM

Resolved:: 02/May/2007 6:37 AM

Details

Description

Attachments

Forms

Activity

[CONFSERVER-3415] Session already invalidated - UserSessionExpiryListener tries to retrieve attributes from invalid sessions

People

Dates