The www site and rhn have a single cookie that is set so that a logged-in user is logged into both sites. The Java code is not yet setting that cookie.
Assign to chip.
This should be in, with the caveat that right now it doesn't respect SSL, since we have no way to work with SSL in the current development environment. Closing this bug, opening a bug regarding SSL.
There were comments made on this commit that have not been resolved yet. Modified: trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java > =================================================================== > --- trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java 2004-09-03 20:00:16 UTC (rev 1132) > +++ trunk/code/src/com/redhat/rhn/domain/session/SessionImpl.java 2004-09-03 22:44:38 UTC (rev 1133) > @@ -25,7 +25,7 @@ > private long id; > private String value; > private long expires; > - private long webUserId; > + private Long webUserId; > private Map valueMap; > private User user; > > @@ -64,7 +64,7 @@ > * Gets the current value of web_user_id > * @return long - the current value > */ > - public long getWebUserId() { > + public Long getWebUserId() { > return webUserId; > } > > @@ -72,9 +72,11 @@ > * Sets the value of web_user_id to new value > * @param idIn New value for id > */ > - public void setWebUserId(long idIn) { > + public void setWebUserId(Long idIn) { > + if (idIn != null && idIn.longValue() == 0) { > + throw new RuntimeException("no such thing as user 0!"); > + } Please, do not throw RuntimeException. > Copied: trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java (from rev 1129, trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java) > =================================================================== > --- trunk/code/src/com/redhat/rhn/frontend/action/LoginUtil.java 2004-09-03 13:45:32 UTC (rev 1129) > +++ trunk/code/src/com/redhat/rhn/frontend/util/LoginUtil.java 2004-09-03 22:44:38 UTC (rev 1133) 
> @@ -0,0 +1,99 @@ > +/** > + * Copyright (c) 2004 Red Hat, Inc. > + * All Rights Reserved. > + * > + * This software is the confidential and proprietary information of > + * Red Hat, Inc. ("Confidential Information"). You shall not > + * disclose such Confidential Information and shall use it only in > + * accordance with the terms of the license agreement you entered into > + * with Red Hat. > + */ > +package com.redhat.rhn.frontend.util; > + > +import com.redhat.rhn.common.conf.Config; > +import com.redhat.rhn.common.security.SessionSwap; > +import com.redhat.rhn.domain.session.Session; > +import com.redhat.rhn.domain.session.SessionFactory; > +import com.redhat.rhn.manager.session.SessionManager; > + > +import java.util.Date; > + > +import javax.servlet.http.Cookie; > +import javax.servlet.http.HttpServletRequest; > +import javax.servlet.http.HttpServletResponse; > +import javax.servlet.http.HttpSession; > + > +/** > + * LoginUtil > + * @version $Rev$ > + */ > +public class LoginUtil { > + /** the name of the Red Hat auth token */ > + public static final String AUTH_COOKIE_NAME = "rh_auth_token"; > + > + private LoginUtil() { > + } > + > + /** utility function to retrieve a given user's session, or, if it > + * doesn't exist, create it */ > + > + public static Session findUserSession(HttpServletRequest request) { > + HttpSession session = request.getSession(); > + Long sessionId = (Long)session.getAttribute("session_id"); > + > + Session s = null; > + long expirationTime = SessionManager.timeoutValue(); > + > + if (sessionId != null) { > + s = SessionFactory.lookupById(sessionId, null); You didn't handle the null return here. That means that this method can easily return null, which will cause an NPE in other code. Either don't pass in anything, pass in an Exception, or handle the null case.
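Review bot: In SessionImpl.java, the getWebUserId hunk (@@ -64,7 +64,7 @@) leaves the Javadoc at `@return long - the current value` although the method now returns `Long`, and with `private Long webUserId;` carrying no initializer the getter returns null until the setter is called. Update the tag to say `Long` and that null is a possible value, so callers that unbox the result know to check first.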
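Review bot: In SessionImpl.java, the setWebUserId hunk (@@ -72,9 +72,11 @@) adds a guard that rejects only 0, so null and negative ids are accepted, and the Javadoc still reads `@param idIn New value for id` without mentioning either the accepted null or the exception. State in the Javadoc what a null id means and add an `@throws` tag for the rejected value; if negative ids are equally invalid, widen the check to `idIn.longValue() <= 0`.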
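Review bot: In LoginUtil.java (@@ -0,0 +1,99 @@), findUserSession starts with `request.getSession()`, which creates a servlet HttpSession when the request has none, so a method documented as a lookup allocates container state for requests that carry no login at all. If the HttpSession is only read here, use `request.getSession(false)` and treat a null result as no stored `session_id`; otherwise say in the Javadoc that the call creates one. The Javadoc block is also separated from the method by a blank line and has no `@param` or `@return` tags.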
Looks like the first RuntimeException already was changed to an IllegalArgumentException. Also, the second issue is not an issue -- two lines later, a check to see if 's' is null is performed (which can happen either if there is no sessionId at all, or if the lookup failed and returned a null).