KiHttpSession.invalidate() doesn't seem to work

classic Classic list List threaded Threaded
4 messages Options
Reply | Threaded
Open this post in threaded view
|

KiHttpSession.invalidate() doesn't seem to work

Maarten Bosteels
Hello,

I am trying out the spring-sample on trunk.

URL: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
Revision: 761927

* login as user1
* set value = ABC
* logout
* login as user2 (same browser)
=> I see the value saved by user1 (and the same session id)

I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
maven jetty:run

I added some logging in LoginController and LogoutController and this
is the output:

2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.getCreationTime()=1239141131962
...
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session=org.apache.ki.web.servlet.KiHttpSession@46752d
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.getCreationTime()=1239141131962

    private void logSession(String when, HttpServletRequest request) {
        HttpSession session = request.getSession(false);
        logger.info(when + ": session=" + session);
        if (session != null) {
          logger.info(when + ": session.id=" + session.getId());
          logger.info(when + ": session.getCreationTime()=" +
session.getCreationTime());
        }
    }

By the way, I had to make some minor changes to
trunk/samples/spring/pom.xml before I could run the application:

--- pom.xml     (revision 761927)
+++ pom.xml     (working copy)
@@ -85,10 +85,12 @@
         <dependency>
             <groupId>org.slf4j</groupId>
             <artifactId>slf4j-log4j12</artifactId>
+            <scope>runtime</scope>
         </dependency>
         <dependency>
             <groupId>log4j</groupId>
             <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
         </dependency>
         <dependency>
             <groupId>org.springframework</groupId>
@@ -98,6 +100,21 @@
             <groupId>org.springframework</groupId>
             <artifactId>spring-webmvc</artifactId>
         </dependency>
+
+        <dependency>
+            <groupId>hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldbVersion}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>1.2</version>
+            <scope>runtime</scope>
+        </dependency>
+
     </dependencies>


regards,
Maarten
Reply | Threaded
Open this post in threaded view
|

Re: KiHttpSession.invalidate() doesn't seem to work

Les Hazlewood-2
Hi Maarten,

I finally had time to try this out.  I do indeed see what you're describing - it is probably an invalid cache configuration on my part.  I'll play with it a bit and see what I did wrong.

Cheers,

Les

On Tue, Apr 7, 2009 at 6:14 PM, Maarten Bosteels <[hidden email]> wrote:
Hello,

I am trying out the spring-sample on trunk.

URL: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
Revision: 761927

* login as user1
* set value = ABC
* logout
* login as user2 (same browser)
=> I see the value saved by user1 (and the same session id)

I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
maven jetty:run

I added some logging in LoginController and LogoutController and this
is the output:

2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.getCreationTime()=1239141131962
...
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session=org.apache.ki.web.servlet.KiHttpSession@46752d
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.getCreationTime()=1239141131962

   private void logSession(String when, HttpServletRequest request) {
       HttpSession session = request.getSession(false);
       logger.info(when + ": session=" + session);
       if (session != null) {
         logger.info(when + ": session.id=" + session.getId());
         logger.info(when + ": session.getCreationTime()=" +
session.getCreationTime());
       }
   }

By the way, I had to make some minor changes to
trunk/samples/spring/pom.xml before I could run the application:

--- pom.xml     (revision 761927)
+++ pom.xml     (working copy)
@@ -85,10 +85,12 @@
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
@@ -98,6 +100,21 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
+
+        <dependency>
+            <groupId>hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldbVersion}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>1.2</version>
+            <scope>runtime</scope>
+        </dependency>
+
    </dependencies>


regards,
Maarten

Reply | Threaded
Open this post in threaded view
|

Re: KiHttpSession.invalidate() doesn't seem to work

Les Hazlewood-2
P.S.  Thanks for the pom changes, they worked perfectly!

On Fri, Apr 17, 2009 at 7:01 PM, Les Hazlewood <[hidden email]> wrote:
Hi Maarten,

I finally had time to try this out.  I do indeed see what you're describing - it is probably an invalid cache configuration on my part.  I'll play with it a bit and see what I did wrong.

Cheers,

Les


On Tue, Apr 7, 2009 at 6:14 PM, Maarten Bosteels <[hidden email]> wrote:
Hello,

I am trying out the spring-sample on trunk.

URL: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
Revision: 761927

* login as user1
* set value = ABC
* logout
* login as user2 (same browser)
=> I see the value saved by user1 (and the same session id)

I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
maven jetty:run

I added some logging in LoginController and LogoutController and this
is the output:

2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.getCreationTime()=1239141131962
...
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session=org.apache.ki.web.servlet.KiHttpSession@46752d
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.getCreationTime()=1239141131962

   private void logSession(String when, HttpServletRequest request) {
       HttpSession session = request.getSession(false);
       logger.info(when + ": session=" + session);
       if (session != null) {
         logger.info(when + ": session.id=" + session.getId());
         logger.info(when + ": session.getCreationTime()=" +
session.getCreationTime());
       }
   }

By the way, I had to make some minor changes to
trunk/samples/spring/pom.xml before I could run the application:

--- pom.xml     (revision 761927)
+++ pom.xml     (working copy)
@@ -85,10 +85,12 @@
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
@@ -98,6 +100,21 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
+
+        <dependency>
+            <groupId>hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldbVersion}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>1.2</version>
+            <scope>runtime</scope>
+        </dependency>
+
    </dependencies>


regards,
Maarten


Reply | Threaded
Open this post in threaded view
|

Re: KiHttpSession.invalidate() doesn't seem to work

Les Hazlewood-2
Hi Maarten,

It looks like you found a bug that I introduced last week.  But I've committed a fix. Please update the trunk and try again.  Thanks so much for pointing this out!

Cheers,

Les

On Fri, Apr 17, 2009 at 7:02 PM, Les Hazlewood <[hidden email]> wrote:
P.S.  Thanks for the pom changes, they worked perfectly!


On Fri, Apr 17, 2009 at 7:01 PM, Les Hazlewood <[hidden email]> wrote:
Hi Maarten,

I finally had time to try this out.  I do indeed see what you're describing - it is probably an invalid cache configuration on my part.  I'll play with it a bit and see what I did wrong.

Cheers,

Les


On Tue, Apr 7, 2009 at 6:14 PM, Maarten Bosteels <[hidden email]> wrote:
Hello,

I am trying out the spring-sample on trunk.

URL: https://svn.apache.org/repos/asf/incubator/jsecurity/trunk/samples/spring
Revision: 761927

* login as user1
* set value = ABC
* logout
* login as user2 (same browser)
=> I see the value saved by user1 (and the same session id)

I've observed this behavior on tomcat 5.5.23, tomcat 6.0.18 and with
maven jetty:run

I added some logging in LoginController and LogoutController and this
is the output:

2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session=org.apache.ki.web.servlet.KiHttpSession@1429c57
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:18,968 INFO
[org.apache.ki.samples.spring.web.LogoutController] - after session
invalidated: session.getCreationTime()=1239141131962
...
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session=org.apache.ki.web.servlet.KiHttpSession@46752d
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.id=27c182a9-093a-4d94-8525-89828c8f40fe
2009-04-07 23:52:21,612 INFO
[org.apache.ki.samples.spring.web.LoginController] - before login:
session.getCreationTime()=1239141131962

   private void logSession(String when, HttpServletRequest request) {
       HttpSession session = request.getSession(false);
       logger.info(when + ": session=" + session);
       if (session != null) {
         logger.info(when + ": session.id=" + session.getId());
         logger.info(when + ": session.getCreationTime()=" +
session.getCreationTime());
       }
   }

By the way, I had to make some minor changes to
trunk/samples/spring/pom.xml before I could run the application:

--- pom.xml     (revision 761927)
+++ pom.xml     (working copy)
@@ -85,10 +85,12 @@
        <dependency>
            <groupId>org.slf4j</groupId>
            <artifactId>slf4j-log4j12</artifactId>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>log4j</groupId>
            <artifactId>log4j</artifactId>
+            <scope>runtime</scope>
        </dependency>
        <dependency>
            <groupId>org.springframework</groupId>
@@ -98,6 +100,21 @@
            <groupId>org.springframework</groupId>
            <artifactId>spring-webmvc</artifactId>
        </dependency>
+
+        <dependency>
+            <groupId>hsqldb</groupId>
+            <artifactId>hsqldb</artifactId>
+            <version>${hsqldbVersion}</version>
+            <scope>runtime</scope>
+        </dependency>
+
+        <dependency>
+            <groupId>javax.servlet</groupId>
+            <artifactId>jstl</artifactId>
+            <version>1.2</version>
+            <scope>runtime</scope>
+        </dependency>
+
    </dependencies>


regards,
Maarten