struts-user mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Christoph Nenning <Christoph.Nenn...@lex-com.net>
Subject Re: Change of HttpSession causes java.lang.IllegalStateException: HttpSession is invalid
Date Tue, 19 May 2015 08:25:18 GMT
Your interceptor can use the static method:
ActionContext.setSession(Map<String, Object> session)

Have a look at CreateSessionInterceptor to see how the map parameter can 
be created.


When your own interceptor is placed before ServletConfigInterceptor in 
stack it will affect SessionAware.



Regrads,
Christoph



> 
> Hello Christoph,
>    Apart from the issue with static access to
> @com.spb.mvc.util.Constants@ATRB_SESSION_USER, is there no way to update
> the reference to the session across the whole framework? Because we are
> having the same issue with SessionAware if the session is 
destroyed/created
> in one of the interceptors. What I would like to do is be able to inject
> the reference to the new session in the interceptor, and have it 
replaced
> the old one across the whole framework. Any suggestions?
> 
> JL
> 
> 2015-05-19 3:17 GMT-04:00 Christoph Nenning 
<Christoph.Nenning@lex-com.net>:
> 
> > >
> > > Hello,
> > >     We have a struts2 project. In that project we have a security
> > procedure
> > > in order to log in the users. As part of the login process, the 
session
> > is
> > > destroyed and recreated once the user is logged in, in order to 
avoid
> > > Session hijacking. The problem we are having is that the action 
finally
> > > returns a JSP, and that JSP has a OGNL reference to the session as
> > follows:
> > >
> > > <s:if test="#session[@com.spb.mvc.util.Constants@ATRB_SESSION_USER] 
!=
> > null
> > > ">
> > >
> > >    It seems that the reference #session points to the previous 
version,
> > as
> > > we are getting errors as follows:
> > >
> > > ERROR org.apache.struts2.dispatcher.Dispatcher  - Exception occurred
> > during
> > > processing request: HttpSession is invalid
> > > java.lang.IllegalStateException: HttpSession is invalid
> > >         at
> > > weblogic.servlet.internal.session.SessionData.getAttributeNames
> > > (SessionData.java:476)
> > >         at
> > > 
org.apache.struts2.dispatcher.SessionMap.entrySet(SessionMap.java:111)
> > >         at java.util.AbstractMap.hashCode(AbstractMap.java:492)
> > >         at java.util.Objects.hashCode(Objects.java:96)
> > >         at java.util.HashMap$Entry.hashCode(HashMap.java:847)
> > >         at java.util.AbstractMap.hashCode(AbstractMap.java:494)
> > >         at ognl.OgnlContext.hashCode(OgnlContext.java:707)
> > >         at java.lang.Object.toString(Object.java:237)
> > >         at java.lang.String.valueOf(String.java:2847)
> > >         at java.lang.StringBuilder.append(StringBuilder.java:128)
> > >
> > >
> > >
> > > Is there some way we can force the stack to refresh the reference to 
the
> > > session?
> > >
> > >   thanks
> > >
> > > JL
> >
> >
> >
> > A simple workaround would be to store session as member of action and
> > access this reference via ognl.
> >
> >
> > And please note that it is recommended to not use statics via ognl due 
to
> > security issues.
> >
> >
> >
> > Regards,
> > Christoph
> >
> > This Email was scanned by Sophos Anti Virus
> >

This Email was scanned by Sophos Anti Virus

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message