Lightrun
question-mark
Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Context.sessionAttribute should not create a new session

See original GitHub issue

Actual behavior (the bug)

When using ctx.sessionAttribute(String key), this can create a new session, if no session exists yet. While this is generally not much of a problem, this leads to an IllegalStateException when called in a request logger, where the response is already committed. See here for the code in Jetty Request class, https://github.com/eclipse/jetty.project/blob/jetty-9.4.x/jetty-server/src/main/java/org/eclipse/jetty/server/Request.java#L1599-L1637

I know changing this would lead to BWC breaking behaviour, so I figured we should first talk about this before I do a PR 😃

Expected behavior Retrieving the session so no new sessions gets created. My current workaround is

final HttpSession session = ctx.req.getSession(false);
if (session != null && session.getAttribute("user") instanceof User user) {
    // do sth fancy here...
}

To Reproduce Call `ctx.sessionAttribute(“whatever”) in a request logger when your request has not done any session handling so far.

Issue Analytics

  • State:closed
  • Created 2 years ago
  • Comments:5 (5 by maintainers)

github_iconTop GitHub Comments

2reactions
tipsycommented, Jan 20, 2022

Adjusting for your last comments, it becomes:

req.getSession(false)?.getAttribute("user") // get attribute (note the ?)
req.getSession(true).getAttribute("user", user) // set attribute

Setting will create, but reading will not. Attempting to read a session attribute if no session attribute has been set will result in a null value (not a nullpointer).

This sounds acceptable, but it could potentially break existing apps. It doesn’t sound very likely that it will though? 🤔

0reactions
spinscalecommented, Jan 20, 2022

Yes, checking for the session being null in ctx.sessionAttribute("user") and returning null as well, if the session has not been created, otherwise the same behaviour as before.

Read more comments on GitHub >

github_iconTop Results From Across the Web

How to use Session attributes in Spring-mvc - Stack Overflow
Any object can be added to the model in controller and it will stored in session if its name matches with the argument...
Read more >
Session Attributes in Spring MVC - Baeldung
Since there is no session when the context initializes, Spring will create a proxy of TodoList to inject as a dependency.
Read more >
Setting Session Attributes - Amazon Lex - AWS Documentation
Session attributes contain application-specific information that is passed between a bot and a client application during a session.
Read more >
Spring Security Session - How to Control Session with Spring ...
ALWAYS – Session will always be created (if it does not exist). ... session created by your application outside of Spring security context....
Read more >
Chapter 4 Creating and Managing User Sessions
To create a new session or to gain access to an existing session, use the HttpServletRequest method getSession(), as shown in the following...
Read more >

github_iconTop Related Medium Post

No results found

github_iconTop Related StackOverflow Question

No results found

github_iconTroubleshoot Live Code

Lightrun enables developers to add logs, metrics and snapshots to live code - no restarts or redeploys required.
Start Free

github_iconTop Related Reddit Thread

No results found

github_iconTop Related Hackernoon Post

No results found

github_iconTop Related Tweet

No results found

github_iconTop Related Dev.to Post

No results found

github_iconTop Related Hashnode Post

No results found
Previous page

Javalin 5.0 Roadmap

Next page

Possible to get 'total bytes sent' and 'stream end' from ctx.seekableStream ?