From 6287be37d8d06c320215c45f7e2b8380411692e0 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Sat, 7 Nov 2015 21:47:07 +0000
Subject: [PATCH] Handle the unlikely case where different versions of a web
 application are deployed with different session settings

git-svn-id: https://svn.apache.org/repos/asf/tomcat/tc7.0.x/trunk@1713187 13f79535-47bb-0310-9956-ffa450edef68
---
 .../catalina/connector/CoyoteAdapter.java     |  3 ++
 .../apache/catalina/connector/Request.java    | 36 ++++++++++---------
 webapps/docs/changelog.xml                    |  4 +++
 3 files changed, 26 insertions(+), 17 deletions(-)

diff --git a/java/org/apache/catalina/connector/CoyoteAdapter.java b/java/org/apache/catalina/connector/CoyoteAdapter.java
index 6082559a0a34..ad9ad40d7b1d 100644
--- a/java/org/apache/catalina/connector/CoyoteAdapter.java
+++ b/java/org/apache/catalina/connector/CoyoteAdapter.java
@@ -781,6 +781,9 @@ protected boolean postParseRequest(org.apache.coyote.Request req,
                                 // Reset mapping
                                 request.getMappingData().recycle();
                                 mapRequired = true;
+                                // Recycle session info in case the correct
+                                // context is configured with different settings
+                                request.recycleSessionInfo();
                             }
                             break;
                         }
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index 98bf30828548..3746e30a61fa 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -500,18 +500,7 @@ public void recycle() {
         notes.clear();
         cookies = null;
 
-        if (session != null) {
-            try {
-                session.endAccess();
-            } catch (Throwable t) {
-                ExceptionUtils.handleThrowable(t);
-                log.warn(sm.getString("coyoteRequest.sessionEndAccessFail"), t);
-            }
-        }
-        session = null;
-        requestedSessionCookie = false;
-        requestedSessionId = null;
-        requestedSessionURL = false;
+        recycleSessionInfo();
 
         if (Globals.IS_SECURITY_ENABLED || Connector.RECYCLE_FACADES) {
             parameterMap = new ParameterMap<String, String[]>();
@@ -559,11 +548,24 @@ public void clearEncoders() {
     }
 
 
-    /**
-     * Clear cached encoders (to save memory for Comet requests).
-     */
-    public boolean read()
-        throws IOException {
+    protected void recycleSessionInfo() {
+        if (session != null) {
+            try {
+                session.endAccess();
+            } catch (Throwable t) {
+                ExceptionUtils.handleThrowable(t);
+                log.warn(sm.getString("coyoteRequest.sessionEndAccessFail"), t);
+            }
+        }
+        session = null;
+        requestedSessionCookie = false;
+        requestedSessionId = null;
+        requestedSessionURL = false;
+        requestedSessionSSL = false;
+    }
+
+
+    public boolean read() throws IOException {
         return (inputBuffer.realReadBytes(null, 0, 0) > 0);
     }
 
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index c795e63a4205..257275d351f1 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -127,6 +127,10 @@
         <bug>58582</bug>: Combined realm should perform background processing
         on its sub-realms. Based upon a patch provided by Aidan. (kkolinko)
       </fix>
+      <fix>
+        Handle the unlikely case where different versions of a web application
+        are deployed with different session settings. (markt)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Cluster">