Uploaded image for project: 'Struts 2'
  1. Struts 2
  2. WW-4741

Http Sessions forcefully created for all requests using I18nInterceptor with default Storage value.

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.5.10
    • Fix Version/s: 2.5.16
    • Component/s: None
    • Labels:
      None

      Description

      Changes made in WW-4730 for store and read functions cause an httpSession to be created for every request that uses I18nInterceptor when storage = Storage.SESSION.

      Current code checks for

      Map<String, Object> session = invocation.getInvocationContext().getSession()

      to be null and then calls

      ServletActionContext.getRequest().getSession()

      (notice how the second one references the HttpServletRequest. The HttpServletRequest Session and and the InvocationContext session are different. The request's session can be null, even if the InvocationContext's session is not).

      Calling .getSession() in this manner forcefully creates a session.

      An appropriate check here might be

      HttpSession httpSession = ServletActionContext.getRequest().getSession(false); 
      
      if(httpSession != null) {
      ... // get sessionId and synchronize on it
      }
      

        Attachments

          Issue Links

            Activity

              People

              • Assignee:
                lukaszlenart Lukasz Lenart
                Reporter:
                agreenfield Adam Greenfield
              • Votes:
                0 Vote for this issue
                Watchers:
                8 Start watching this issue

                Dates

                • Created:
                  Updated:
                  Resolved: