Felix / FELIX-6342

HTTP Session not invalidated over HTTPS

Details

    Description

      Jetty is adding an additional attribute over HTTPS on the session object, not by using the setAttribute() method [0] of the HttpSessionWrapper class.

      When we try to invalidate the session using [1], the session is not getting invalidated, as in invalidate we are removing only the attributes added by this session [2], which contain the prefix "org.apache.felix.http.session.context", and the attribute added by Jetty does not contain this prefix.

      When we tried to remove the attribute by calling the removeAttribute method [3], it was not successful, as this method also adds the prefix "org.apache.felix.http.session.context" to the attribute name passed.

      We also tried to cast this HttpSessionWrapper session object to an "org.eclipse.jetty.server.session.Session" object, but got a ClassCastException. So we are not able to remove this attribute.

      Shouldn't the invalidate method [1] remove all attributes present in this session, or shouldn't there be a method in the HttpSessionWrapper class to remove an attribute from the underlying container session object?

      [0]: https://github.com/apache/felix-dev/blame/b91688862f39bf89c87e019ccf81653bb7ec12a1/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java#L397
      [1]: https://github.com/apache/felix-dev/blob/master/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java#L323
      [2]: https://github.com/apache/felix-dev/blob/master/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java#L335
      [3]: https://github.com/apache/felix-dev/blob/master/http/base/src/main/java/org/apache/felix/http/base/internal/handler/HttpSessionWrapper.java#L372
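
A simplified Java model of the behaviour described in this report, added here as an illustration; it is not Felix or Jetty code. It assumes the wrapper invalidates the container session only when no attributes remain, and the class names, the context id and the container attribute name are hypothetical.

```java
import java.util.*;

// Simplified model, not Felix or Jetty code. Every name except the prefix
// quoted in the report is hypothetical.
public class PrefixScopedInvalidateDemo {
    static final String PREFIX = "org.apache.felix.http.session.context";

    /** Stand-in for the container (Jetty) session. */
    static class ContainerSession {
        final Map<String, Object> attrs = new HashMap<>();
        boolean valid = true;
    }

    /** Stand-in for a per-context wrapper that namespaces attribute names. */
    static class Wrapper {
        final ContainerSession delegate;
        final String keyPrefix;
        Wrapper(ContainerSession d, String contextId) {
            delegate = d;
            keyPrefix = PREFIX + "." + contextId + "."; // context id is an assumption
        }
        void setAttribute(String n, Object v) { delegate.attrs.put(keyPrefix + n, v); }
        void removeAttribute(String n) { delegate.attrs.remove(keyPrefix + n); }

        /** Assumed behaviour: the container session ends only when left empty. */
        void invalidate() {
            delegate.attrs.keySet().removeIf(k -> k.startsWith(keyPrefix));
            if (delegate.attrs.isEmpty()) delegate.valid = false;
        }
        /** One possible alternative: ignore attributes that no wrapper owns. */
        void invalidateIgnoringForeign() {
            delegate.attrs.keySet().removeIf(k -> k.startsWith(keyPrefix));
            if (delegate.attrs.keySet().stream().noneMatch(k -> k.startsWith(PREFIX)))
                delegate.valid = false;
        }
    }

    public static void main(String[] args) {
        ContainerSession s = new ContainerSession();
        s.attrs.put("container.tls.attribute", "constructed"); // set by the container, no prefix
        Wrapper w = new Wrapper(s, "ctx1");
        w.setAttribute("user", "alice");
        w.removeAttribute("container.tls.attribute"); // looks up the prefixed name, no effect
        w.invalidate();
        System.out.println("valid after invalidate(): " + s.valid);
        w.invalidateIgnoringForeign();
        System.out.println("valid after alternative:  " + s.valid);
    }
}
```

The second method is only a sketch of one way to keep a container-owned attribute from blocking invalidation; it is not the change made in the project.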

            People

              cziegeler Carsten Ziegeler
              abhigarg Abhishek Garg