MyFaces Core
  1. MyFaces Core
  2. MYFACES-2754

MyFaces can attempt to create a new session after the response has been committed

    Details

    • Type: Bug Bug
    • Status: Reopened
    • Priority: Major Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.9, 2.0.0
    • Fix Version/s: 2.0.1
    • Component/s: General
    • Labels:
      None

      Description

      As currently implemented, MyFaces can attempt to create a new session after the response has been committed. This is due to calling saveSerializedView on the JspStateManagerImpl even in cases where writeState was never called (e.g. a JSP outcome target with no form tags). This can lead to either an IllegalStateException being thrown or else extra sessions being created which wait until the session timeout is reached to be destroyed and thus can lead to a potential memory leak. Which behavior is seen depends on the appserver being used and whether it reuses session cookies for the same client.

      JSPStateManagerImpl will be updated to set a FacesContext attribute on writeState to indicate that the state should be written by saveSerializedView.

      On 2.0, FlashImpl also needs to be updated as well to not create a new session during the remove children operation. Currently we are creating a new session just to create a new map and then clear it.

        Activity

        No work has yet been logged on this issue.

          People

          • Assignee:
            Michael Concini
            Reporter:
            Michael Concini
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:

              Development