SAK-18101 Apply AZ patch.

git-svn-id: https://source.sakaiproject.org/svn/courier/trunk@76618 66ffb92e-73f9-0310-93c1-f5514f145a0a
autocare · Apr 25, 2010 · cadfcf3 · cadfcf3
1 parent 9383d1c
commit cadfcf3
Showing 1 changed file with 49 additions and 42 deletions.
diff --git a/courier/courier-tool/tool/src/java/org/sakaiproject/courier/tool/CourierTool.java b/courier/courier-tool/tool/src/java/org/sakaiproject/courier/tool/CourierTool.java
@@ -75,53 +75,60 @@ public void destroy()
 	 */
 	protected void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException
 	{
-		// support two "/" separated parameters [1] and [2]) - both get presence updated, the first is the address for delivery (second optional)
-		String[] parts = req.getPathInfo().split("/");
-		if ((parts.length == 2) || (parts.length == 3))
-		{
-			String placementId = parts[1];
-
-			// get the Sakai session
-			Session session = SessionManager.getCurrentSession();
-
-			// if we are in a newly created session where we had an invalid (presumed timed out) session in the request,
-			// send script to cause a sakai top level redirect
-			if (ThreadLocalManager.get(SessionManager.CURRENT_INVALID_SESSION) != null)
+		String requestSessionId = req.getParameter("sessionId");
+		Session session = SessionManager.getCurrentSession();
+
+		if (requestSessionId == null || session.getId().equals(requestSessionId)) {
+			// support two "/" separated parameters [1] and [2]) - both get presence updated, the first is the address for delivery (second optional)
+			String[] parts = req.getPathInfo().split("/");
+
+			if ((parts.length == 2) || (parts.length == 3))
 			{
-				String loggedOutUrl = ServerConfigurationService.getLoggedOutUrl();
-				if (M_log.isDebugEnabled()) M_log.debug("sending top redirect: " + placementId + " : " + loggedOutUrl);
-				sendTopRedirect(res, loggedOutUrl);
+				String placementId = parts[1];
+
+				// if we are in a newly created session where we had an invalid (presumed timed out) session in the request,
+				// send script to cause a sakai top level redirect
+				if (ThreadLocalManager.get(SessionManager.CURRENT_INVALID_SESSION) != null)
+				{
+					String loggedOutUrl = ServerConfigurationService.getLoggedOutUrl();
+					if (M_log.isDebugEnabled()) M_log.debug("sending top redirect: " + placementId + " : " + loggedOutUrl);
+					sendTopRedirect(res, loggedOutUrl);
+				}
+
+				else
+				{
+					// compute our courier delivery address: this placement in this session
+					String deliveryId = session.getId() + placementId;
+
+					// find all deliveries for the requested deivery address
+					List deliveries = CourierService.getDeliveries(deliveryId);
+
+					// form the reply
+					sendDeliveries(res, deliveries);
+
+					// refresh our presence at the location (placement)
+					if (M_log.isDebugEnabled()) M_log.debug("setting presence: " + placementId);
+					PresenceService.setPresence(placementId);
+
+					// register another presence if present
+					if (parts.length == 3)
+					{
+						String secondPlacementId = parts[2];
+						if (M_log.isDebugEnabled()) M_log.debug("setting second presence: " + secondPlacementId);
+						PresenceService.setPresence(secondPlacementId);
+					}
+				}
 			}
-
+
+			// otherwise this is a bad request!
 			else
 			{
-				// compute our courier delivery address: this placement in this session
-				String deliveryId = session.getId() + placementId;
-
-				// find all deliveries for the requested deivery address
-				List deliveries = CourierService.getDeliveries(deliveryId);
-
-				// form the reply
-				sendDeliveries(res, deliveries);
-
-				// refresh our presence at the location (placement)
-				if (M_log.isDebugEnabled()) M_log.debug("setting presence: " + placementId);
-				PresenceService.setPresence(placementId);
-
-				// register another presence if present
-				if (parts.length == 3)
-				{
-					String secondPlacementId = parts[2];
-					if (M_log.isDebugEnabled()) M_log.debug("setting second presence: " + secondPlacementId);
-					PresenceService.setPresence(secondPlacementId);
-				}
+				M_log.warn("bad courier request: " + req.getPathInfo());
+				sendDeliveries(res, new Vector());
 			}
-		}
-
-		// otherwise this is a bad request!
-		else
-		{
-			M_log.warn("bad courier request: " + req.getPathInfo());
+		} else {
+			//this request was meant for a different session, don't honour it.
+			M_log.warn("out-of-session courier request: " + req.getPathInfo() + ". Expected session: " + session.getId());
 			sendDeliveries(res, new Vector());
 		}
 	}