2 Replies Latest reply on Jul 9, 2002 11:26 PM by Kevin Sit

    NPE when Jetty tries to scavenge old sessions

    Kevin Sit Newbie

      I installed JBoss 3.0.0 + Jetty package and I tried to configure Jetty to use a different random number generator for generating session IDs. I created a jetty-web.xml file and bundled it with my web app (I just put it under WEB-INF/). So here is my jetty-web.xml:

      <?xml version="1.0" encoding="UTF-8"?>
      <!DOCTYPE Configure PUBLIC "-//Mort Bay Consulting//DTD Configure 1.1//EN" "http://jetty.mortbay.org/configure_1_1.dtd">

      However, Jetty gave me a NPE when the session manager thread tried to scavenge old session data:

      at org.mortbay.jetty.servlet.AbstractSessionManager.scavenge(AbstractSessionManager.java:244)
      at org.mortbay.jetty.servlet.AbstractSessionManager.access$100(AbstractSessionManager.java:46)
      at org.mortbay.jetty.servlet.AbstractSessionManager$SessionScavenger.run(AbstractSessionManager.java:318)

      Did I do something wrong in jetty-web.xml or is it a bug in Jetty? And I have another question, is there any reason why the JBoss+Jetty combo chooses a relatively insecure scheme (i.e. system time) for generating session IDs?

      Any kind of help in this matter is appreciated. Thanks!