ASF Bugzilla – Attachment 30798 Details for
Bug 55521
Race Condition in HttpSession#invalidate() / HttpServletRequest#getSession(boolean)
code flow that exhibits the race condition
SessionFixationProtectionRaceCondition.txt (text/plain), 3.83 KB, created by
Christoph
on 2013-09-04 10:24:05 UTC
>Thread A                                            Thread B
>
>|                                                   |
>session.invalidate()                                |
>|                                                   |
>+- StandardSession#invalidate()                     |
>   |                                                |
>   +- StandardSession#expire()                      |
>      |                                             |
>      +- StandardSession#expire(true)               |
>         |                                          |
>         if (expiring || !isValid) { } --> false    |
>         |                                          |
>         synchronized(this) {                       |
>         |                                          |
>         ...                                        |
>         |                                          |
>         expiring = true;                           |
>         |                                          |
>         ... (many things happening)                session.invalidate()
>         |                                          |
>         |                                          +- StandardSession#invalidate()
>         |                                            |
>         |                                            StandardSession#expire()
>         |                                              |
>         |                                              +- StandardSession#expire(true)
>         |                                                |
>         |                                                if (expiring || !isValid) return; --> true
>         |                                                |
>         |                                          +-----+
>         |                                          |
>         |                                          session = request.getSession(true)
>         |                                          |
>         |                                          +- ApplicationHttpRequest#getSession(true)
>         |                                             |
>         |                                             if (crossContext) { --> true
>         |                                             |
>         |                                             ...
>         |                                             |
>         |                                             if (session != null && session.isValid()) { --> true
>         |                                             |
>         |                                             return (session.getSession());
>         |                                             |
>         |                                             }
>         |                                             |
>         |                                             }
>         |                                             |
>         |                                          +--+
>         |                                          |
>         |                                          |  // now session refers to the same object as before, an object in state "expiring"
>         setValid(false)                            |
>         |                                          |
>         ...                                        |
>         |                                          |
>         expiring = false;                          |
>         |                                          |
>         } // end of synchronization block          |
>         |                                          |  // now session refers to an invalidated object
>+--------+                                          |
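
The interleaving in the trace above, reproduced deterministically as an added example; it is not part of the attachment and not Tomcat's code. `Session` is a toy model of the `expiring`/`isValid` flags, and the latches, the `isValid()` behaviour while `expiring` is set, and `getSessionStrict` (one possible stricter check, not Tomcat's fix) are assumptions made for illustration.

```java
import java.util.concurrent.CountDownLatch;

public class ExpiringSessionRace {
    // Toy model of the flags in the trace; not Tomcat's StandardSession.
    static class Session {
        volatile boolean expiring, valid = true;
        // Constructed hooks that freeze Thread A inside "many things happening".
        final CountDownLatch inExpire = new CountDownLatch(1), resume = new CountDownLatch(1);
        void invalidate() throws InterruptedException {
            if (expiring || !valid) return;      // Thread B leaves here
            synchronized (this) {
                expiring = true;
                inExpire.countDown();
                resume.await();
                valid = false;                   // setValid(false)
                expiring = false;
            }
        }
        // Assumption: reports true while expiring, matching the "--> true" in the trace.
        boolean isValid() { return expiring || valid; }
    }

    static volatile Session current = new Session();

    // Lookup as in the trace: reuse the session whenever isValid() is true.
    static Session getSession() {
        Session s = current;
        return (s != null && s.isValid()) ? s : (current = new Session());
    }

    // Hypothetical stricter lookup: never hand out a session that is being expired.
    static Session getSessionStrict() {
        Session s = current;
        return (s != null && s.isValid() && !s.expiring) ? s : (current = new Session());
    }

    public static void main(String[] args) throws Exception {
        Session old = current;
        Thread a = new Thread(() -> { try { old.invalidate(); } catch (InterruptedException e) { } });
        a.start();
        old.inExpire.await();                    // Thread A holds the lock, expiring == true
        old.invalidate();                        // Thread B: returns immediately
        Session got = getSession();              // Thread B: gets the expiring object back
        Session strict = getSessionStrict();     // Thread B: gets a fresh object instead
        old.resume.countDown();
        a.join();
        System.out.println("same object returned: " + (got == old));
        System.out.println("still valid after A:  " + got.isValid());
        System.out.println("strict lookup valid:  " + (strict != old && strict.isValid()));
    }
}
```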