-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 12/11/19 12:52, Mark Thomas wrote: > On 11/12/2019 17:46, Christopher Schultz wrote: Mark, > > On 12/7/19 17:30, ma...@apache.org wrote: >>>> This is an automated email from the ASF dual-hosted git >>>> repository. >>>> >>>> markt pushed a commit to branch 7.0.x in repository >>>> https://gitbox.apache.org/repos/asf/tomcat.git >>>> >>>> commit c06674e09e9f3f43dc0e5c022dc8c311a4285cfd Author: Mark >>>> Thomas <ma...@apache.org> AuthorDate: Fri Dec 6 12:13:15 2019 >>>> +0000 >>>> >>>> Add an atomic method to rotate session ID and return new >>>> value. >>>> >>>> Use it where possible. > > Shouldn't there be a "synchronized" keyword somewhere in there? > >> Not to solve the problem the commit was intended to solve. > >> Maybe the commit message wasn't worded in the best way to >> describe what was going on. > >> The key thing here is that the new session ID that was created as >> a result of this call is the one that is returned to the caller. Ack. Thanks, - -chris >>>> --- java/org/apache/catalina/connector/Request.java | 27 >>>> +++++++++++++++++++++++ >>>> java/org/apache/catalina/session/ManagerBase.java | 15 >>>> +++++++++++-- 2 files changed, 40 insertions(+), 2 >>>> deletions(-) 
>>>> >>>> diff --git a/java/org/apache/catalina/connector/Request.java >>>> b/java/org/apache/catalina/connector/Request.java index >>>> a0726ee..ab4e5f0 100644 --- >>>> a/java/org/apache/catalina/connector/Request.java +++ >>>> b/java/org/apache/catalina/connector/Request.java @@ -74,6 >>>> +74,7 @@ import org.apache.catalina.core.ApplicationPart; >>>> import >>>> org.apache.catalina.core.ApplicationSessionCookieConfig; >>>> import org.apache.catalina.core.AsyncContextImpl; import >>>> org.apache.catalina.realm.GenericPrincipal; +import >>>> org.apache.catalina.session.ManagerBase; import >>>> org.apache.catalina.util.ParameterMap; import >>>> org.apache.catalina.util.RequestUtil; import >>>> org.apache.catalina.util.StringParser; @@ -2702,6 +2703,32 >>>> @@ public class Request implements HttpServletRequest { } >>>> >>>> >>>> + public String changeSessionId() { + + Session >>>> session = this.getSessionInternal(false); + if >>>> (session == null) { + throw new IllegalStateException( + >>>> sm.getString("coyoteRequest.changeSessionId")); + } + >>>> + Manager manager = this.getContext().getManager(); + + >>>> String newSessionId = rotateSessionId(manager, session); + >>>> this.changeSessionId(newSessionId); + + return >>>> newSessionId; + } + + private String >>>> rotateSessionId(Manager manager, Session session) { + >>>> if (manager instanceof ManagerBase) { + return >>>> ((ManagerBase) manager).rotateSessionId(session); + } >>>> else { + // Best we do with the current interface + >>>> manager.changeSessionId(session); + return >>>> session.getId(); + } + } + /** * @return the >>>> session associated with this Request, creating one * if >>>> necessary and requested. 
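Review bot: The private `rotateSessionId(Manager, Session)` helper in Request.java calls `ManagerBase.rotateSessionId(session)` directly whenever the manager is a `ManagerBase`, so a subclass that overrides only `changeSessionId(Session)` is no longer on this path. If such a subclass exists (none is visible in this diff) and uses that override to propagate the ID change, for example to other cluster nodes, the old ID could stay valid elsewhere after a rotation that is meant to stop session fixation. Either state the contract in Javadoc on `ManagerBase.rotateSessionId`, for example `Subclasses that customise session ID changes must override this method as well as changeSessionId(Session)`, or check the known subclasses before merging. The new public `changeSessionId()` also has no Javadoc; it should say that it throws `IllegalStateException` when the request has no session and that it returns the newly generated ID.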
diff --git >>>> a/java/org/apache/catalina/session/ManagerBase.java >>>> b/java/org/apache/catalina/session/ManagerBase.java index >>>> e4121a6..8022d08 100644 --- >>>> a/java/org/apache/catalina/session/ManagerBase.java +++ >>>> b/java/org/apache/catalina/session/ManagerBase.java @@ >>>> -851,9 +851,20 @@ public abstract class ManagerBase extends >>>> LifecycleMBeanBase implements Manager >>>> >>>> @Override public void changeSessionId(Session session) { + >>>> rotateSessionId(session); + } + + + public String >>>> rotateSessionId(Session session) { + String newId = >>>> generateSessionId(); + changeSessionId(session, >>>> newId); + return newId; + } + + + public void >>>> changeSessionId(Session session, String newId) { String oldId >>>> = session.getIdInternal(); - >>>> session.setId(generateSessionId(), false); - String >>>> newId = session.getIdInternal(); + >>>> session.setId(newId, false); >>>> container.fireContainerEvent(Context.CHANGE_SESSION_ID_EVENT, >>>> new String[] {oldId, newId}); } >>>> >>>> >>>> ------------------------------------------------------------------- - -- >>>> >>>> > >>>> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >>>> For additional commands, e-mail: dev-h...@tomcat.apache.org >>>> >> >> --------------------------------------------------------------------- >> >> To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org >> For additional commands, e-mail: dev-h...@tomcat.apache.org >> > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3xQToACgkQHPApP6U8 pFg/5BAApLUOHwQXbBxEkEshvmLw/slDMXihnR/ZP5tQuujjnwcjMmGNCTEgdxtI cMDfRLYBiXhF3T+lOGrdFCnnTHEvXFg3Pbspy5FZobK8vvgR4JOqZa5liYGPG6iq 
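Review bot: The new public `changeSessionId(Session session, String newId)` in ManagerBase.java passes a caller-supplied ID straight to `session.setId(newId, false)` without checking that it is non-null, non-empty, or not already in use by another session. `rotateSessionId` always feeds it a value from `generateSessionId()`, but any other caller of the public overload could install a predictable or duplicate ID. Consider a guard such as `if (newId == null || newId.isEmpty()) throw new IllegalArgumentException("newId");` and Javadoc stating that the ID is expected to come from the manager's session ID generator. Narrowing the visibility would only work if no caller outside the package needs the overload, which this diff does not show.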
62b9U2zrMPDihwBQ/qOCD5TwP+r6MeOC1MrLEwWZfCAM+TZlTSZqg6A+M2HMWdj9 X0BR+H2vaUy8m9MrC0TQXYDfYKsJXTOWLHNG7+WviWNN6LJXywxVeaie7X4x687g hQOvZIu5wU4dcsHUbcH+8Eo1G2HeG9Y61YL2EvzWtDwJ9CF3sX68EV12wDl1oV5M hEljbWrMuoZrt4/WDIW4QndUUsVJNxTJDnhYxGjocD3o58CI2QcUbhjN7qT3rAWN 4MJtOIGr4HoPDhKbPskibi+yJvK7DLSp5C0xwE+mJFC7vwng3NTchvkhjls7YMs5 MAEUgDOgSP+Nipa6h89WCtzxO557D10dLhdVuqfCeiXcDMOMR8cHz9zel2hfmtHI 4d4WSY+laNnJOxlB1oXMkgmnGicFWz09Hk5jvth+0gkge9+32z9AQ16kcCUGvT5M i61Vat/tAy9FLf32TFXRVubYLprsRFJRYy/GypBKMIA3Ob3JJ9392bDkcT9F8t9o 6ob43RjrYz1rU7TN13yBz5lyfmkml5BdQiXSm1jm7lgy+gaA9k8= =zJ3K -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org