mauriciorodrigues / memcached-session-manager

Automatically exported from code.google.com/p/memcached-session-manager

createSession might take a possibly provided sessionId into account. #42

Closed GoogleCodeExporter closed 8 years ago

GoogleCodeExporter commented 8 years ago
The MemcachedBackupSessionManager.createSession right now does not set the 
sessionId that might be provided but creates a new one.

IIRC I did not see this case when I implemented it and therefore skipped it.

The question is, in which case this might happen and what's the value of the 
session id - e.g. is it a session id for a session that could not be loaded 
from memcached, an id for an expired session etc.?

Original issue reported on code.google.com by martin.grotzke on 24 Feb 2010 at 3:25

GoogleCodeExporter commented 8 years ago
Change title as it's not yet clear what really should be done.

Original comment by martin.grotzke on 24 Feb 2010 at 3:26

GoogleCodeExporter commented 8 years ago
If the empty session path property is set on the connector, 
o.a.catalina.connector.Request.doGetSession attempts to reuse the session id if one 
was submitted in a cookie (but not if the session id is from a URL, to 
prevent possible phishing attacks).

Original comment by martin.grotzke on 20 Mar 2010 at 9:18

GoogleCodeExporter commented 8 years ago
Fixed. Before reusing the provided session id, it's checked if the id contains 
a memcached node and if this node is available.

Original comment by martin.grotzke on 20 Mar 2010 at 9:25
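
A sketch of the check described in the last two comments, as an added example that is not code from memcached-session-manager or Tomcat: a client-supplied id is reused only if it came from a cookie, contains a node id, and that node is available; otherwise a fresh id is issued. The id layout `<32 hex chars>-<nodeId>[.<jvmRoute>]`, the class, method and parameter names, and the node names `n1`/`n2` are assumptions made for illustration.

```java
import java.security.SecureRandom;
import java.util.Set;
import java.util.regex.Matcher;
import java.util.regex.Pattern;

public class SessionIdReuseCheck {
    // Assumed id layout (not taken from the issue): <32 hex chars>-<nodeId>[.<jvmRoute>]
    private static final Pattern ID =
            Pattern.compile("[0-9A-F]{32}-([A-Za-z0-9]+)(\\.[A-Za-z0-9]+)?");
    private static final SecureRandom RNG = new SecureRandom();

    enum Source { COOKIE, URL }

    /** Returns requestedId only if it passes every check; otherwise a new random id. */
    static String chooseSessionId(String requestedId, Source source,
                                  Set<String> availableNodes, String newNodeId) {
        if (requestedId != null && source == Source.COOKIE) {
            Matcher m = ID.matcher(requestedId);
            // Reuse only a well-formed id whose embedded node is currently reachable.
            if (m.matches() && availableNodes.contains(m.group(1))) {
                return requestedId;
            }
        }
        // URL-supplied, malformed, or pointing at an unavailable node: issue a fresh id.
        byte[] raw = new byte[16];
        RNG.nextBytes(raw);
        StringBuilder sb = new StringBuilder();
        for (byte b : raw) {
            sb.append(String.format("%02X", b));
        }
        return sb.append('-').append(newNodeId).toString();
    }

    public static void main(String[] args) {
        Set<String> up = Set.of("n1");                       // constructed: only n1 is available
        String id = "602F7397FBE4D9932E59A9D0E52FE178-n1";   // constructed sample id
        // Case 1: id from a cookie, node n1 available.
        System.out.println(id.equals(chooseSessionId(id, Source.COOKIE, up, "n1")));
        // Case 2: the same id taken from a URL.
        System.out.println(id.equals(chooseSessionId(id, Source.URL, up, "n1")));
        // Case 3: id from a cookie, but it names node n2, which is not available.
        String down = id.replace("-n1", "-n2");
        System.out.println(down.equals(chooseSessionId(down, Source.COOKIE, up, "n1")));
        // Case 4: cookie value that does not contain a node id in the assumed layout.
        System.out.println(chooseSessionId("no-node-here", Source.COOKIE, up, "n1"));
    }
}
```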