diff options
-rw-r--r-- | server/src/com/vaadin/server/VaadinService.java | 21 |
1 files changed, 20 insertions, 1 deletions
diff --git a/server/src/com/vaadin/server/VaadinService.java b/server/src/com/vaadin/server/VaadinService.java index 17bce7ad15..c9a5f0974a 100644 --- a/server/src/com/vaadin/server/VaadinService.java +++ b/server/src/com/vaadin/server/VaadinService.java @@ -564,6 +564,9 @@ public abstract class VaadinService implements Serializable { * * @param wrappedSession * The session to lock + * + * @throws IllegalStateException + * if the session is invalidated before it can be locked */ protected void lockSession(WrappedSession wrappedSession) { Lock lock = getSessionLock(wrappedSession); @@ -584,6 +587,17 @@ public abstract class VaadinService implements Serializable { } } lock.lock(); + + try { + // Someone might have invalidated the session between fetching the + // lock and acquiring it. Guard for this by calling a method that's + // specified to throw IllegalStateException if invalidated + // (#12282) + wrappedSession.getAttribute(getLockAttributeName()); + } catch (IllegalStateException e) { + lock.unlock(); + throw e; + } } /** @@ -607,7 +621,12 @@ public abstract class VaadinService implements Serializable { WrappedSession wrappedSession = getWrappedSession(request, requestCanCreateSession); - lockSession(wrappedSession); + try { + lockSession(wrappedSession); + } catch (IllegalStateException e) { + throw new SessionExpiredException(); + } + try { return doFindOrCreateVaadinSession(request, requestCanCreateSession); } finally { |