Details
Description
In several places in the framework we use the ExternalContext.getSessionMap() API. According to the JavaDoc for this method:
"Accessing attributes via this Map must cause the creation of a session associated with the current request, if such a session does not already exist."
The spec also notes that the proper way to ensure that a session is already available is to call ExternalContext.getSession(false) before calling getSessionMap(). According to code at the time when this JIRA was created, the getSessionMap() method is used in the following places of the core framework:
core (6 usages)
org.icefaces.application (1 usage)
ResourceRegistry (1 usage)
addSessionResource(Resource) (1 usage)
(188, 39) .getExternalContext().getSessionMap(), resource );
org.icefaces.impl.application (3 usages)
LazyPushManager (1 usage)
getState(FacesContext) (1 usage)
(85, 55) Map sessionMap = context.getExternalContext().getSessionMap();
SessionTimeoutMonitor (1 usage)
isResourceRequest(FacesContext) (1 usage)
(50, 42) Map sessionMap = externalContext.getSessionMap();
WindowScopeManager (1 usage)
getState(FacesContext) (1 usage)
(311, 42) Map sessionMap = externalContext.getSessionMap();
org.icefaces.impl.push (1 usage)
SessionViewManager (1 usage)
getState(FacesContext) (1 usage)
(89, 55) Map sessionMap = context.getExternalContext().getSessionMap();
org.icefaces.impl.util (1 usage)
CharacterEncodingHandler (1 usage)
calculateCharacterEncoding(FacesContext) (1 usage)
(118, 47) charEnc = (String) extContext.getSessionMap().get(ViewHandler.CHARACTER_ENCODING_KEY);
"Accessing attributes via this Map must cause the creation of a session associated with the current request, if such a session does not already exist."
The spec also notes that the proper way to ensure that a session is already available is to call ExternalContext.getSession(false) before calling getSessionMap(). According to code at the time when this JIRA was created, the getSessionMap() method is used in the following places of the core framework:
core (6 usages)
org.icefaces.application (1 usage)
ResourceRegistry (1 usage)
addSessionResource(Resource) (1 usage)
(188, 39) .getExternalContext().getSessionMap(), resource );
org.icefaces.impl.application (3 usages)
LazyPushManager (1 usage)
getState(FacesContext) (1 usage)
(85, 55) Map sessionMap = context.getExternalContext().getSessionMap();
SessionTimeoutMonitor (1 usage)
isResourceRequest(FacesContext) (1 usage)
(50, 42) Map sessionMap = externalContext.getSessionMap();
WindowScopeManager (1 usage)
getState(FacesContext) (1 usage)
(311, 42) Map sessionMap = externalContext.getSessionMap();
org.icefaces.impl.push (1 usage)
SessionViewManager (1 usage)
getState(FacesContext) (1 usage)
(89, 55) Map sessionMap = context.getExternalContext().getSessionMap();
org.icefaces.impl.util (1 usage)
CharacterEncodingHandler (1 usage)
calculateCharacterEncoding(FacesContext) (1 usage)
(118, 47) charEnc = (String) extContext.getSessionMap().get(ViewHandler.CHARACTER_ENCODING_KEY);
There are some usages in the components but I assume that they are fine to use as they shouldn't be called if the session has truly expired. This may also be true of some of the usages in the core as well.