tomee-users mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Ronny Karallus <ronny.karal...@gmail.com>
Subject OpenEJBHttpServer Responses will always have a session?
Date Wed, 11 Sep 2013 21:06:28 GMT
Diging for another problem in the source code I found the following piece
of code that is called on
org.apache.openejb.server.httpd.HttpResponseImpl.writeMessage(...) - so
pretty much on any response for the OpenEJBHttpServer:

    /** closes the message sent to the browser
     */
    private void closeMessage() {
        setContentLengthHeader();
        setCookieHeader();
    }

    private void setCookieHeader() {
        if (request == null || request.getSession() == null) return;

        HttpSession session = request.getSession(false);

        if (session == null) return;

<= the session will never be null here because you are calling
request.getSession(true) implicitly in line 1 of setCookieHeader() which
will create a session if there is none. This will in the end mean that
every request hitting the appserver will create a session even if it doesnt
require one ...

I am wondering if this is really on purpose or if this is a bug that needs
to be posted ... I found this in trunk and in version 1.5.2

Thanks

Mime
  • Unnamed multipart/alternative (inline, None, 0 bytes)
View raw message