Mantis - Resin
Viewing Issue Advanced Details
ID: Category: Severity: Reproducibility: Date Submitted: Last Update:
4993 minor always 03-20-12 23:01 06-13-12 16:55
Reporter: rickHigh Platform:  
Assigned To: ferg OS:  
Priority: normal OS Version:  
Status: closed Product Version:  
Product Build: Resolution: fixed  
Projection: none      
ETA: none Fixed in Version: 4.0.28  
Summary: 0004993: Session timeout issue when using CauchoRequestWrapper instead of HttpServletRequestWrapper
Description: I was able to replicate this with sample Struts app sent by customer as well as one that I wrote using Servlet API only.

In the process of creating qa test that reproduces the issue in the test harness.
Steps To Reproduce:
Additional Information: package qa;

import java.io.IOException;
import javax.servlet.ServletException;
import javax.servlet.annotation.WebServlet;
import javax.servlet.http.HttpServlet;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;

@WebServlet("/login")
public class LoginServlet extends HttpServlet {

    protected void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
        String user = request.getParameter("user");
        String pass= request.getParameter("pass");
        if (user!=null && user.equals(pass)) {
            request.getSession().setAttribute("login", 1);
            response.getWriter().print("ok");
        }else if (user!=null && !user.equals(pass)){
            response.sendError(HttpServletResponse.SC_UNAUTHORIZED);
        } else {
            response.getWriter().print("login is " + request.getSession().getAttribute("login"));
        }
    }
}



package qa;

import java.io.IOException;

import javax.servlet.Filter;
import javax.servlet.FilterChain;
import javax.servlet.FilterConfig;
import javax.servlet.ServletException;
import javax.servlet.ServletRequest;
import javax.servlet.ServletResponse;
import javax.servlet.http.HttpServletRequest;

public class MyFilter implements Filter
{
    public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain)
        throws IOException, ServletException {
        System.out.println("before");
        chain.doFilter(new RequestWrapper((HttpServletRequest) request), response);
        System.out.println("after");
    }

    @Override
    public void destroy() {
    }

    @Override
    public void init(FilterConfig a) throws ServletException {
    }
}



package qa;


import javax.servlet.http.HttpServletRequest;
//import javax.servlet.http.HttpServletRequestWrapper;

import com.caucho.server.http.CauchoRequestWrapper;

public class RequestWrapper extends CauchoRequestWrapper
{
    
    public RequestWrapper(HttpServletRequest request) {
        super(request);
    }


}


The above works with extending HttpServletRequestWrapper but not with CauchoRequestWrapper.

Symtoms are that the sessionImpl does not timeout. The use reference counter keeps increasing.


<web-app xmlns="http://caucho.com/ns/resin"> [^]


    <session-config use-persistent-store="false"
                    reuse-session-id="false"
                    invalidate-after-listener="false"
                    cookie-secure="false"
                    session-max="5000"
                    session-timeout="2"
                    enable-url-rewriting="false"/>

    <filter>
        <filter-name>filter</filter-name>
        <filter-class>qa.MyFilter</filter-class>
    </filter>
    <filter-mapping>
        <filter-name>filter</filter-name>
        <url-pattern>/*</url-pattern>
    </filter-mapping>

</web-app>
Relationships
Attached Files:

Notes
(0005713)
rickHigh   
03-20-12 23:56   
$ svn commit -m "Added two test cases for issue 4993. One test case uses CauchoRequestWrapper and fails to timeout properly, the other test case uses HttpServletRequestWrapper and does time out properly"
rick@svn.caucho.com's password:
Adding server/015s.qa
Adding server/015t.qa