Mantis - Resin
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
3715 minor always 10-16-09 09:39 02-26-10 14:45
Reporter: emil Platform:  
Assigned To: alex OS:  
Priority: normal OS Version:  
Status: closed Product Version: 3.1.9  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version: 3.1.11  
Summary: 0003715: Session id reuse
Description: (rep by SHINOMIYA Nobuaki)

When I repeated that the session is create, session ID is recycled.

Environment:
  *The Cluster Sessions(memory-to-memory) is enabled .

    <resin:if test="${resin.professional}">
      <persistent-store type="cluster">
        <init path="work/httpd/session"/>
      </persistent-store>
    </resin:if>

    ........

    <session-config>
      <use-persistent-store>true</use-persistent-store>
      <always-save-session>true</always-save-session>
      <save-mode>after-request</save-mode>
      <reuse-session-id>false</reuse-session-id>
    </session-config>

  *Session ID exists in Cookie of a browser.

  *Resin 3.1.9

  *WinXP

In the access since the second times, This is always occur.

We create the servlet(attchement) that repeats the creation of the session for
+check.

Remark:
  * We don't check when The Cluster Sessions(DB)
  * It dosen't occur when <always-save-session> is false
  * It dosen't occur when the Session ID dosen't exist in Cookie of a browser.

attchement's files
  * The servlet to check : SessionServlet.java
  * The result of check : result.html
Steps To Reproduce:
Additional Information: Verified in Resin 3.1.9
Fixed in Resin 4.0.1

Reporter would like fix in 3.1 branch
Relationships
Attached Files:  SessionServlet.java [^] (2,382 bytes) 10-16-09 09:39

Notes
(0004443)
ferg   
02-18-10 13:53   
server/01ni
(0004448)
alex   
02-26-10 14:27   
server/01in.qa vs server/01ni.qa