[MYFACES-2754] MyFaces can attempt to create a new session after the response has been committed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: 1.2.9, 2.0.0
Fix Version/s: 2.0.1
Component/s: General
Labels:
None

Description

As currently implemented, MyFaces can attempt to create a new session after the response has been committed. This is due to calling saveSerializedView on the JspStateManagerImpl even in cases where writeState was never called (e.g. a JSP outcome target with no form tags). This can lead to either an IllegalStateException being thrown or else extra sessions being created which wait until the session timeout is reached to be destroyed and thus can lead to a potential memory leak. Which behavior is seen depends on the appserver being used and whether it reuses session cookies for the same client.

JSPStateManagerImpl will be updated to set a FacesContext attribute on writeState to indicate that the state should be written by saveSerializedView.

On 2.0, FlashImpl also needs to be updated as well to not create a new session during the remove children operation. Currently we are creating a new session just to create a new map and then clear it.

Attachments

- Sort By Name
- Sort By Date
- Ascending
- Descending

MYFACES-2754-reverted-code.patch
21/Jul/10 16:45
5 kB
Leonardo Uribe

Activity

People

Assignee:: Michael Concini

Reporter:: Michael Concini

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 15/Jun/10 13:51

Updated:: 01/Mar/16 05:21

Resolved:: 01/Mar/16 05:20