Bug 25234 - HttpSessionListener called twice on session expiration
Summary: HttpSessionListener called twice on session expiration
Alias: None
Product: Tomcat 5
Classification: Unclassified
Component: Catalina (show other bugs)
Version: 5.0.16
Hardware: All All
: P3 major (vote)
Target Milestone: ---
Assignee: Tomcat Developers Mailing List
: 25600 27273 (view as bug list)
Depends on:
Reported: 2003-12-05 08:44 UTC by Paul Harvey
Modified: 2004-11-16 19:05 UTC (History)
2 users (show)


Note You need to log in before you can comment on or make changes to this bug.
Description Paul Harvey 2003-12-05 08:44:52 UTC
HttpSessionListener called twice on session expiration.

After a (quick!) look at the source it seems to be being caused as 
processExpires (StandardManager.java) loops through the sessions calling 
isValid (StandardSession.java) on each.  Then isValid itself looks for timed 
out sessions and calls expires (StandardSession.java) where relevant which 
calls the listeners.  However then isValid returns (false) back to 
processExpires which then itself calls expire and so the listeners are fired a 
second time.
Comment 1 Paul Harvey 2003-12-05 09:23:00 UTC
I've just commented out the call to session.expire() in 
processExpires() - the listeners are now only called once.  However this is 
pretty naive - I have not traced things through to see if this will have any 
other undesirable side effects.
Comment 2 Remy Maucherat 2003-12-05 09:29:57 UTC
This sounds reasonable. The session expiration code hadn't been changed from
Tomcat 4.1, while isValid actually expires sessions when it is called (in TC
4.1, it didn't). This is obviously very easy to fix, and your fix seems logical.
Comment 3 Remy Maucherat 2003-12-17 21:56:35 UTC
*** Bug 25600 has been marked as a duplicate of this bug. ***
Comment 4 Remy Maucherat 2004-02-26 22:54:15 UTC
*** Bug 27273 has been marked as a duplicate of this bug. ***