1. Re: Is it valid to call session.invalidate() as part of request.logout()? (via custom extension)
pferraro Feb 15, 2017 9:10 AM (in response to psiroky)
Your expectations are correct. HttpServletRequest.getSession(false) should only ever return a valid session, or null. That said, there is nothing preventing the session from being concurrently invalidated (by a concurrent request), thus there is no way to guarantee that a session reference doesn't become invalid. I seem to recall that this situation was rectified at some point in the Undertow 1.4.x branch, so you can try manually upgrading undertow to 1.4.10.Final. If this is still an issue, please file a bug report.
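
The point made in the reply above, that a session reference can become invalid after it is obtained, shown as a defensive logout helper. This is an added example, not code from the thread or from Undertow; the class name `SafeLogout` is hypothetical, and it assumes the `javax.servlet` (Servlet 3.x) API is on the classpath.

```java
import javax.servlet.ServletException;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;

/** Hypothetical helper: a logout that tolerates concurrent session invalidation. */
public final class SafeLogout {

    private SafeLogout() {}

    /**
     * Ends the caller's authenticated session.
     *
     * @return true if this call invalidated the session; false if there was no
     *         session or something else had already invalidated it.
     */
    public static boolean logout(HttpServletRequest request) throws ServletException {
        // Take the reference first. getSession(false) never creates a session,
        // so an unauthenticated caller does not get a fresh one as a side effect.
        HttpSession session = request.getSession(false);

        // Clear the container's authentication state for this request. A custom
        // extension may invalidate the session as part of this call.
        request.logout();

        if (session == null) {
            return false;
        }
        try {
            // Per the Servlet API, invalidate() throws IllegalStateException when
            // the session is already invalid, for example because a concurrent
            // request or the logout extension invalidated it after we obtained it.
            session.invalidate();
            return true;
        } catch (IllegalStateException alreadyInvalid) {
            // The session is gone either way, which is what logout requires.
            return false;
        }
    }
}
```

The same `IllegalStateException` handling applies to any later `getAttribute` or `setAttribute` call on a held session reference, since those also fail once the session is invalid.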
-
2. Re: Is it valid to call session.invalidate() as part of request.logout()? (via custom extension)
psiroky Feb 15, 2017 12:14 PM (in response to pferraro)
Thanks pferraro! I've tried with Undertow 1.4.8.Final and the issue is indeed fixed there.