Bug 51550 - Empty response instead of error page for IllegalStateException
Summary: Empty response instead of error page for IllegalStateException
Status: RESOLVED FIXED
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: Nightly Build
Hardware: PC All
: P2 normal (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2011-07-25 13:22 UTC by Holger Sunke
Modified: 2011-09-21 11:33 UTC (History)
0 users



Attachments
Proposed patch for Tomcat 6 v1 (12.84 KB, patch)
2011-07-26 08:00 UTC, Mark Thomas
Details | Diff
Proposed patch for Tomcat 5 v1 (4.05 KB, patch)
2011-07-26 08:00 UTC, Mark Thomas
Details | Diff
Proposed patch for Tomcat 6 v2 (3.95 KB, patch)
2011-07-26 08:02 UTC, Mark Thomas
Details | Diff
Proposed patch for Tomcat 5 v2 (4.21 KB, patch)
2011-08-22 12:53 UTC, Mark Thomas
Details | Diff
Updated patch (4.11 KB, patch)
2011-08-25 17:11 UTC, Mark Thomas
Details | Diff

Note You need to log in before you can comment on or make changes to this bug.
Description Holger Sunke 2011-07-25 13:22:52 UTC
IllegalStateException for "Too many active Sessions" error on createSession(..) sometines results in empty response with HTTP 200 OK status instead of an error message.

I saw this happening when tomcat trys to create session #(n+1) for a protected area with FORM based authentication and SessionManager with maxActiveSessions=n, not depending on whether StandardManager or PersistentManager is beeing used.

Reproduction:

1) Add webbapps/examples/META-INF/context.xml with following content:
<Context>
        <Manager className="org.apache.catalina.session.StandardManager"
		 maxActiveSessions="1">
	</Manager>
</Context>

2) Restart Tomcat
3) Visit http://localhost:8080/examples/jsp/security/protected/
4) Clear cookies in your browser
5) repeat step 3).

Result:
HTTP/1.1 200 OK
Server: Apache-Coyote/1.1
Cache-Control: private
Expires: Thu, 01 Jan 1970 01:00:00 CET
Transfer-Encoding: chunked
Date: Mon, 25 Jul 2011 13:20:56 GMT

Expected Result:
HTTP/1.1 500 OK
Server: Apache-Coyote/1.1
[...]
Comment 1 Mark Thomas 2011-07-25 19:45:29 UTC
Thanks for the report and the steps to reproduce the error.

I have fixed this in 7.0.x and it will be included in 7.0.20 onwards.
Comment 2 Holger Sunke 2011-07-26 06:02:33 UTC
Thank you.

What I forgot to mention is, that this issue also hits Tomcat 6. Maybe you'd check older versions too.
Comment 3 Mark Thomas 2011-07-26 07:17:59 UTC
Re-open to fix older versions
Comment 4 Mark Thomas 2011-07-26 08:00:14 UTC
Created attachment 27316 [details]
Proposed patch for Tomcat 6 v1
Comment 5 Mark Thomas 2011-07-26 08:00:31 UTC
Created attachment 27317 [details]
Proposed patch for Tomcat 5 v1
Comment 6 Mark Thomas 2011-07-26 08:02:17 UTC
Created attachment 27318 [details]
Proposed patch for Tomcat 6 v2

Removes additional fixes from patch
Comment 7 Mark Thomas 2011-08-22 12:53:42 UTC
Created attachment 27421 [details]
Proposed patch for Tomcat 5 v2

Updates patch for 5.5.x after review comments
Comment 8 Mark Thomas 2011-08-25 17:11:46 UTC
Created attachment 27434 [details]
Updated patch

Addresses review comments (needed to catch Throwable in JkCoyoteHandler)
Comment 9 Holger Sunke 2011-09-01 12:46:51 UTC
Tomcat 7.0.20 now correctly responds "HTTP/1.1 500", but I still don't get my error page configured in web.xml like this:

<error-page>
  <error-code>500</error-code>
  <location>/static/error/internal.html</location>
</error-page>
Comment 10 Mark Thomas 2011-09-02 11:33:46 UTC
I've added some code to 7.0.x that will use custom error pages in this scenario. I don't intend to back-port this part of the fix to 6.0.x or 5.5.x.
Comment 11 Konstantin Kolinko 2011-09-16 18:48:09 UTC
The proposed patch has been applied to 5.5 and will be in 5.5.34.

The example of maxActiveSessions="1" in the Description now results in a reply with HTTP status 500, whereas with 5.5.33 the status was 200.
The content of the response is still empty.


The patch has not been applied to 6.0 yet, so I am leaving this issue open.
Comment 12 Mark Thomas 2011-09-21 11:33:14 UTC
The patch has been applied to 6.0.x and will be included in 6.0.34 onwards.