struts-user mailing list archives

From Christoph Nenning <Christoph.Nenn...@lex-com.net>
Subject Re: Change of HttpSession causes java.lang.IllegalStateException: HttpSession is invalid
Date Tue, 19 May 2015 07:17:01 GMT
> 
> Hello,
>     We have a struts2 project. In that project we have a security procedure
> in order to log in the users. As part of the login process, the session is
> destroyed and recreated once the user is logged in, in order to avoid
> Session hijacking. The problem we are having is that the action finally
> returns a JSP, and that JSP has an OGNL reference to the session as follows:
> 
> <s:if test="#session[@com.spb.mvc.util.Constants@ATRB_SESSION_USER] != null">
> 
>    It seems that the reference #session points to the previous version, as
> we are getting errors as follows:
> 
> ERROR org.apache.struts2.dispatcher.Dispatcher  - Exception occurred during processing request: HttpSession is invalid
> java.lang.IllegalStateException: HttpSession is invalid
>         at weblogic.servlet.internal.session.SessionData.getAttributeNames(SessionData.java:476)
>         at org.apache.struts2.dispatcher.SessionMap.entrySet(SessionMap.java:111)
>         at java.util.AbstractMap.hashCode(AbstractMap.java:492)
>         at java.util.Objects.hashCode(Objects.java:96)
>         at java.util.HashMap$Entry.hashCode(HashMap.java:847)
>         at java.util.AbstractMap.hashCode(AbstractMap.java:494)
>         at ognl.OgnlContext.hashCode(OgnlContext.java:707)
>         at java.lang.Object.toString(Object.java:237)
>         at java.lang.String.valueOf(String.java:2847)
>         at java.lang.StringBuilder.append(StringBuilder.java:128)
> 
> Is there some way we can force the stack to refresh the reference to the
> session?
> 
>   thanks
> 
> JL



A simple workaround would be to store the session as a member of the action and access this reference via OGNL.


And please note that it is recommended not to use statics via OGNL due to security issues.



Regards,
Christoph
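
One way to combine both points of the reply, as an added example that is not code from the thread or from the Struts project: the action keeps the session map as a member, rotates the session at login, and exposes the user through a getter so the JSP needs neither `#session` nor a static field. Assumptions: the class name, the `authenticate()` hook, the `currentUser` property and the `"sessionUser"` key are hypothetical, a concrete subclass supplies the credential check, rotation goes through `SessionMap.invalidate()` rather than a direct `HttpSession.invalidate()`, and `SessionAware` lives in `org.apache.struts2.interceptor` as it did in Struts 2 releases at the time of this thread.

```java
import java.util.Map;

import org.apache.struts2.dispatcher.SessionMap;
import org.apache.struts2.interceptor.SessionAware;

import com.opensymphony.xwork2.ActionSupport;

// Added example: every name except the Struts 2 types is hypothetical.
public abstract class RotatingLoginAction extends ActionSupport implements SessionAware {

    // Assumed session key; the original post reads it from Constants.ATRB_SESSION_USER.
    static final String ATRB_SESSION_USER = "sessionUser";

    // Session map kept as a member of the action (set by the servletConfig interceptor).
    private Map<String, Object> session;

    @Override
    public void setSession(Map<String, Object> session) {
        this.session = session;
    }

    // Hypothetical hook for the project's existing credential check; returns null on failure.
    protected abstract Object authenticate();

    @Override
    public String execute() {
        Object user = authenticate();
        if (user == null) {
            return LOGIN;
        }
        // Rotate the session through Struts' own wrapper instead of calling
        // HttpSession.invalidate() directly, so the map drops its reference
        // to the old container session.
        if (session instanceof SessionMap) {
            ((SessionMap<String, Object>) session).invalidate();
        }
        // The first put() after invalidate() makes SessionMap create a fresh HttpSession.
        session.put(ATRB_SESSION_USER, user);
        return SUCCESS;
    }

    // Read by the JSP as a plain action property, with no #session lookup and
    // no static field access in OGNL:  <s:if test="currentUser != null"> ... </s:if>
    public Object getCurrentUser() {
        return session.get(ATRB_SESSION_USER);
    }
}
```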
