Uploaded image for project: 'Undertow'
  1. Undertow
  2. UNDERTOW-439

request.getRequestedSessionId() returns null when requested session has expired

XMLWordPrintable

    • Icon: Bug Bug
    • Resolution: Done
    • Icon: Major Major
    • 1.3.0.Beta1, 1.2.7.Final
    • 1.2.4.Final, 1.2.5.Final
    • Servlet
    • None

      When in servlet the request.getRequestedSessionId() call returns null in case that particular session (requested by client in header Cookie) has already expired. For sessions that are still valid this works ok.

      @WebServlet(name="SessionTimeoutCheck", urlPatterns={"/SessionTimeoutCheck"})
public class SessionTimeoutCheckServlet extends HttpServlet {

    @Override
    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        HttpSession session = request.getSession();
        response.setContentType("text/html");

        PrintWriter out = response.getWriter();
        out.write("Current session ID: " + session.getId());
        out.write("<br />\n");
        out.write("Requested session ID " + request.getRequestedSessionId());
        out.write("<br />\n");
        if (request.getRequestedSessionId() != null) {
            if (request.isRequestedSessionIdValid()) {
                out.write("Valid session");
            } else {
                out.write("Session expired");
            }
        } else {
            out.write("No sessionId specified => new session");
        }
    }
}

              sdouglas1@redhat.com Stuart Douglas (Inactive)
              jstourac@redhat.com Jan Stourac
              Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

                Created:
                Updated:
                Resolved: