https://issues.apache.org/bugzilla/show_bug.cgi?id=48818
Summary: Request.getSession() can return null
Product: Tomcat 5
Version: 5.5.27
Platform: PC
OS/Version: Windows XP
Status: NEW
Severity: normal
Priority: P2
Component: Catalina
AssignedTo: dev@tomcat.apache.org
ReportedBy: opensou...@kestle.net
Request.doGetSession() has all sorts of areas it returns null even though the
api docs state:
"Returns the current session associated with this request, or if the request
does not have a session, creates one."
Since we expect something that's not null, we're getting NPE's in our testing,
which exposes a risk that all our production sites may do the same.
There is not so much as a warn log to indicate when this violation occurs. If
it's a request that can't be serviced, then throw an exception.
Alternatively, return a "null" session implementation that is empty. Better
would be have configuration between the two (since the null session would just
defer the NPE in many situations).
--
Configure bugmail: https://issues.apache.org/bugzilla/userprefs.cgi?tab=email
------- You are receiving this mail because: -------
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
