Uploaded image for project: 'Struts 1'
  1. Struts 1
  2. STR-3043

issues with <bean:include> tag

    XMLWordPrintableJSON

    Details

    • Type: Bug
    • Status: Open
    • Priority: Major
    • Resolution: Unresolved
    • Affects Version/s: 1.2.7
    • Fix Version/s: Future
    • Component/s: Tag Libraries
    • Labels:
      None
    • Environment:
      Struts 1.2 on WebSphere Application server - version 6

      Description

      The logic for the Apache STRUTs tag bean:include causes a new connection to be opened to request a page to be included in the final response for a JSP. The data used to build the new request includes the session ID from the original request, which is stored in the JSESSIONID cookie for the new request. In theory, this should allow the new request to access session data that may have been created in the original request. The STRUTs code uses a call to HttpServletRequest.getRequestedSessionId() to create this JSESSIONID cookie on the new request.
      WebSphere JSESSIONID cookie actually consists of the session ID itself, and the routing information for the request (which is used to ensure the request makes it back to the same servant where the session is actually being stored, also known as the affinity token). So, the JSESSIONID created by STRUTs is actually incorrect for IBM® WebSphere® Application Server v6.0
      In practice, this means that any JSPs or servlets included using bean:include will not have access to any original session data created for the request. Instead the 'offshoot' new request created by this tag will cause new sessions to be created for the new request, and any information stored during processing of the offshoot request will ultimately be lost.

      The STRUTs code uses a call to HttpServletRequest.getRequestedSessionId() to create this JSESSIONID cookie on the new request.The contents of getRequestedSessionId() is not guaranteed to be equal to the contents of the JSESSIONID cookie, So the struts code should just access the current request's JSESSIONID cookie and copy that information to the new cookie

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                Unassigned
                Reporter:
                anju_krishna Anju Geethabai
              • Votes:
                0 Vote for this issue
                Watchers:
                0 Start watching this issue

                Dates

                • Created:
                  Updated: