Closed magro closed 9 years ago
magro
commented
9 years ago From martin.grotzke on February 24, 2010 07:26:14
Change title as it's not yet clear what really should be done.
Summary: createSession might take a possibly provided sessionId into account.
magro
commented
9 years ago From martin.grotzke on March 20, 2010 14:18:50
If the empty session path property is set on the connector, o.a.catalina.connector.Request.doGetSession attempts to reuse session id if one was submitted in a cookie (but not if the session id if it is from a URL, to prevent possible phishing attacks).
magro
commented
9 years ago From martin.grotzke on March 20, 2010 14:25:27
Fixed. Before reusing the provided session id it's checked, if the id contains a memcached node and if this node is available.
Status: Fixed
Labels: -Type-Task Type-Enhancement Milestone-1.2
From martin.grotzke on February 24, 2010 16:25:31
The MemcachedBackupSessionManager.createSession right now does not set the sessionId that might be provided but creates a new one.
IIRC I did not see this case when I implemented it and therefore skipped it.
The question is, in which case this might happen and what's the value of the session id - e.g. is it a session id for a session that could not be loaded from memcached, an id for a expired session etc.?
Original issue: http://code.google.com/p/memcached-session-manager/issues/detail?id=42