-
Bug
-
Resolution: Done
-
Major
-
1.2.7.Final
-
None
When calling
request.isRequestedSessionIdValid()
in servlet code then this method returns true even when particular requested session has expired and now is used different session.
Expected behaviour:
- return true if current valid session is same as requested by client in preceding request
- return false if current valid session is different (new) from the one requested by client in preceding request
Not sure but probably source of the problem might be in implementation of that method here:
https://github.com/undertow-io/undertow/blob/90789748d3b493d7a233a4ef5ba8ae33032c1543/servlet/src/main/java/io/undertow/servlet/spec/HttpServletRequestImpl.java#L377
- clones
-
JBEAP-355 request.isRequestedSessionIdValid() returns true even when requested session has expired
- Closed