struts-issues mailing list archives

From "Paul Benedict (JIRA)" <j...@apache.org>
Subject [jira] Updated: (STR-3043) issues with <bean:include> tag
Date Sun, 27 May 2007 17:33:43 GMT

     [ https://issues.apache.org/struts/browse/STR-3043?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Paul Benedict updated STR-3043:
-------------------------------

    Fix Version/s: 1.4.0

It might be worth fixing this anyway. Assigning to 1.4 just in case.

> issues with <bean:include> tag
> ------------------------------
>
>                 Key: STR-3043
>                 URL: https://issues.apache.org/struts/browse/STR-3043
>             Project: Struts 1
>          Issue Type: Bug
>    Affects Versions: 1.2.7
>         Environment: Struts 1.2  on WebSphere Application server  - version 6
>            Reporter: Anju Geethabai
>             Fix For: 1.4.0
>
>
> The logic for the Apache Struts tag bean:include causes a new connection to be opened
> to request a page to be included in the final response for a JSP. The data used to build the
> new request includes the session ID from the original request, which is stored in the JSESSIONID
> cookie for the new request. In theory, this should allow the new request to access session
> data that may have been created in the original request. The Struts code uses a call to
> HttpServletRequest.getRequestedSessionId() to create this JSESSIONID cookie on the new request.
>
> The WebSphere JSESSIONID cookie actually consists of the session ID itself, and the routing
> information for the request (which is used to ensure the request makes it back to the same
> servant where the session is actually being stored, also known as the affinity token). So,
> the JSESSIONID created by Struts is actually incorrect for IBM® WebSphere® Application Server
> v6.0.
>
> In practice, this means that any JSPs or servlets included using bean:include will not
> have access to any original session data created for the request. Instead the 'offshoot' new
> request created by this tag will cause new sessions to be created for the new request, and
> any information stored during processing of the offshoot request will ultimately be lost.
>
> The Struts code uses a call to HttpServletRequest.getRequestedSessionId() to create this
> JSESSIONID cookie on the new request. The contents of getRequestedSessionId() are not guaranteed
> to be equal to the contents of the JSESSIONID cookie, so the Struts code should just access
> the current request's JSESSIONID cookie and copy that information to the new cookie.

-- 
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
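
The mismatch described in the issue, as an added example that is not part of the original message and is not Struts code: it builds the Cookie header for the loopback request from the raw incoming cookie, falling back to the requested session ID. The class and method names are hypothetical, and the cookie value (including its prefix and suffix layout) is constructed for illustration.

```java
import java.util.Optional;

/** Added illustration (not Struts code): Cookie header for the loopback request in STR-3043. */
public class SessionCookieForwarder {

    static final String SESSION_COOKIE = "JSESSIONID";

    /** Returns the raw value of the named cookie from a Cookie request header, if present. */
    static Optional<String> rawCookieValue(String cookieHeader, String name) {
        if (cookieHeader == null) {
            return Optional.empty();
        }
        for (String pair : cookieHeader.split(";")) {
            int eq = pair.indexOf('=');
            if (eq > 0 && pair.substring(0, eq).trim().equals(name)) {
                return Optional.of(pair.substring(eq + 1).trim());
            }
        }
        return Optional.empty();
    }

    /**
     * cookieHeader is what request.getHeader("Cookie") returns and requestedSessionId is
     * what request.getRequestedSessionId() returns. The cookie is copied exactly as the
     * container issued it, so routing data stays attached; the bare ID is used only when
     * no cookie was sent (for example, with URL rewriting).
     */
    static String loopbackCookieHeader(String cookieHeader, String requestedSessionId) {
        Optional<String> raw = rawCookieValue(cookieHeader, SESSION_COOKIE);
        if (raw.isPresent()) {
            return SESSION_COOKIE + "=" + raw.get();
        }
        return requestedSessionId == null ? null : SESSION_COOKIE + "=" + requestedSessionId;
    }

    public static void main(String[] args) {
        // Constructed values: the cookie carries more than the bare session ID.
        String header = "lang=en; JSESSIONID=0000EXAMPLESESSIONID:exampleclone";
        String requestedId = "EXAMPLESESSIONID";

        // Behaviour reported in the issue: cookie rebuilt from the ID alone.
        System.out.println("id only  : " + SESSION_COOKIE + "=" + requestedId);
        // Behaviour the reporter asks for: raw cookie copied through unchanged.
        System.out.println("raw copy : " + loopbackCookieHeader(header, requestedId));
        // No cookie on the original request: fall back to the requested ID.
        System.out.println("fallback : " + loopbackCookieHeader(null, requestedId));
    }
}
```

Because the cookie is a session credential, attach it only when the included URL points back at the same application.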

