AmadeusITGroup / HttpSessionReplacer

Store JEE Servlet HttpSessions in Redis
MIT License
49 stars 33 forks source link

Bad key delete in case of session failover #14

Closed nbogojevic closed 7 years ago

nbogojevic commented 7 years ago

When session failover occurs, previous expiry key is deleted, however the code doesn't delete correct key.

The bug is in redis.del call in following. The key should probably include session id (see getSessionExpireKey() for correct format)

    private void manageSessionFailover(SessionData session) {
      // If stickiness is active, and there was failover, we need to delete
      // previous session expire key
      if (sticky && !owner.equals(session.getPreviousOwner())) {
        redis.del(encode(constructKeyExpirePrefix(session.getPreviousOwner())));
      }
    }
nbogojevic commented 7 years ago

Fixed in #17