Fixed bug that the first Simple RPC requests is not correctly dealt because of the

zhourenjian · zhourenjian · commit f8081a1e8a1d · 2007-05-03T04:35:12.000Z
session problem.

And now Simple RPC supports large request even when session cookie is disabled in 
browsers by using URL ";jsessionid=..." rewrite. If client developers do not like
";jsessionid=...", make sure add a line:
window["script.get.session.url"] = false;
diff --git a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCHttpServlet.java b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCHttpServlet.java
@@ -384,19 +384,19 @@ private String prepareScriptRequest(HttpServletRequest req, HttpServletResponse
 			return null;
 		}
 		
-		// clean dead session bodies
-		cleanSession(req);
-
-		// store request in session before the request is completed
-		HttpSession session = req.getSession();
-		
 		String attrName = "jzn" + scriptRequestID;
 		String attrTime = "jzt" + scriptRequestID;
 		String[] parts = null;
 		
 		boolean badRequest = false;
 		boolean toContinue = false;
+
+		// store request in session before the request is completed
+		HttpSession session = req.getSession();
 		synchronized (session) {
+			// clean dead session bodies
+			cleanSession(session);
+			
 			Object attr = session.getAttribute(attrName);
 			if (attr == null) {
 				parts = new String[partsCount];
@@ -409,14 +409,12 @@ private String prepareScriptRequest(HttpServletRequest req, HttpServletResponse
 				}
 			}
 			if (!badRequest) {
-				synchronized (parts) {
-					parts[curPart - 1] = request;
-					for (int i = 0; i < parts.length; i++) {
-						if (parts[i] == null) {
-							// not completed yet! just response and wait next request.
-							toContinue = true;
-							break;
-						}
+				parts[curPart - 1] = request;
+				for (int i = 0; i < parts.length; i++) {
+					if (parts[i] == null) {
+						// not completed yet! just response and wait next request.
+						toContinue = true;
+						break;
 					}
 				}
 				if (!toContinue) {
@@ -433,7 +431,13 @@ private String prepareScriptRequest(HttpServletRequest req, HttpServletResponse
 		if (toContinue) {
 			resp.setContentType("text/javascript");
 			//resp.setCharacterEncoding("utf-8");
-			resp.getWriter().write("net.sf.j2s.ajax.SimpleRPCRequest" +
+			PrintWriter writer = resp.getWriter();
+			if (curPart == 1) {
+				// Cookie may be disabled in client side!
+				writer.write("net.sf.j2s.ajax.SimpleRPCRequest" +
+						".xssSession(\"" + scriptRequestID + "\", \"" + session.getId() + "\");\r\n");
+			}
+			writer.write("net.sf.j2s.ajax.SimpleRPCRequest" +
 					".xssNotify(\"" + scriptRequestID + "\", \"continue\");");
 			return null;
 		}
@@ -446,18 +450,16 @@ private String prepareScriptRequest(HttpServletRequest req, HttpServletResponse
 		return buf.toString();
 	}
 	
-	private void cleanSession(HttpServletRequest req) {
-		HttpSession ses = req.getSession(false);
-		if (ses != null) { // try to clean expired request!
-			Enumeration attrNames = ses.getAttributeNames();
-			while (attrNames.hasMoreElements()) {
-				String name = (String) attrNames.nextElement();
-				if (name.startsWith("jzt")) {
-					Date dt = (Date) ses.getAttribute(name);
-					if (new Date().getTime() - dt.getTime() > maxXSSRequestLatency()) {
-						ses.removeAttribute(name);
-						ses.removeAttribute("jzn" + name.substring(3));
-					}
+	private void cleanSession(HttpSession ses) {
+		// try to clean expired request!
+		Enumeration attrNames = ses.getAttributeNames();
+		while (attrNames.hasMoreElements()) {
+			String name = (String) attrNames.nextElement();
+			if (name.startsWith("jzt")) {
+				Date dt = (Date) ses.getAttribute(name);
+				if (new Date().getTime() - dt.getTime() > maxXSSRequestLatency()) {
+					ses.removeAttribute(name);
+					ses.removeAttribute("jzn" + name.substring(3));
 				}
 			}
 		}
diff --git a/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java b/sources/net.sf.j2s.ajax/ajaxrpc/net/sf/j2s/ajax/SimpleRPCRequest.java
@@ -160,6 +160,7 @@ protected static boolean checkXSS(String url, String serialize, SimpleRPCRunnabl
  		var ua = navigator.userAgent.toLowerCase ();
  		if (ua.indexOf ("msie")!=-1 && ua.indexOf ("opera") == -1){
  			limit = 2048;
+ 			limit = 2048 - 44; // ;jsessionid=
  		}
  		limit -= url.length + 36; // 5 + 6 + 5 + 2 + 5 + 2 + 5;
  		var contents = [];
@@ -186,11 +187,33 @@ protected static boolean checkXSS(String url, String serialize, SimpleRPCRunnabl
 		} else {
 			contents[0] = content;
 		}
- 		for (var i = 0; i < contents.length; i++) {
+		g.idSet["x" + rnd] = contents;
+		// Only send the first request, later server return "continue", and client will get
+		// the session id and continue later requests.
+ 		net.sf.j2s.ajax.SimpleRPCRequest.callByScript(rnd, contents.length, 0, contents[0]);
+ 		contents[0] = null;
+ 		return true; // cross site script!
+ 	}
+ }
+		 */ { }
+		 return false;
+	}
+	
+	static void callByScript(String rnd, String length, String i, String content) {
+		/**
+		 * @j2sNative
+var g = net.sf.j2s.ajax.SimpleRPCRequest;
+var runnable = g.idSet["o" + rnd];
+if (runnable == null) return;
+var url = runnable.getHttpURL();
+var session = g.idSet["s" + rnd];
+if (session != null && window["script.get.session.url"] != false) {
+	url += ";jsessionid=" + session;
+}
  			var script = document.createElement ("SCRIPT");
  			script.type = "text/javascript";
- 			script.src = url + "?jzn=" + rnd + "&jzp=" + contents.length 
- 					+ "&jzc=" + (i + 1) + "&jzz=" + contents[i];
+ 			script.src = url + "?jzn=" + rnd + "&jzp=" + length 
+ 					+ "&jzc=" + (i + 1) + "&jzz=" + content;
  			if (typeof (script.onreadystatechange) == "undefined") { // W3C
 	 			script.onerror = function () {
 	 				this.onerror = null;
@@ -223,12 +246,25 @@ protected static boolean checkXSS(String url, String serialize, SimpleRPCRunnabl
 	 		}
  			var head = document.getElementsByTagName ("HEAD")[0];
  			head.appendChild (script);
- 		}  
- 		return true; // cross site script!
- 	}
- }
-		 */ { }
-		 return false;
+		 */ {}
+	}
+	
+	static void sendRestRequests(String nameID) {
+		/**
+		 * The following codes may be modified to send out requests one by one.  
+		 * @j2sNative
+		 * var g = net.sf.j2s.ajax.SimpleRPCRequest;
+		 * var xcontent = g.idSet["x" + nameID]; 
+		 * if (xcontent != null) {
+		 * 	for (var i = 0; i < xcontent.length; i++) {
+		 * 		if (xcontent[i] != null) {
+		 * 			g.callByScript(nameID, xcontent.length, i, xcontent[i]);
+		 * 			xcontent[i] = null;
+		 * 		}
+		 * 	}  
+		 * 	g.idSet["x" + nameID] = null;
+		 * }
+		 */ {}
 	}
 	
 	/**
@@ -258,13 +294,27 @@ static void xssNotify(String nameID, String response) {
 	}
 }
 		 */ { }
-		if (response == "continue") return;
+		if (response == "continue") {
+			boolean restNotEmpty = false;
+			/**
+			 * @j2sNative
+			 * var g = net.sf.j2s.ajax.SimpleRPCRequest;
+			 * if (g.idSet["x" + nameID] != null) {
+			 * 	restNotEmpty = true; 
+			 * }
+			 */ {}
+			if (restNotEmpty) sendRestRequests(nameID);
+			return;
+		}
 		SimpleRPCRunnable runnable = null;
 		/**
 		 * @j2sNative
 var g = net.sf.j2s.ajax.SimpleRPCRequest;
 runnable = g.idSet["o" + nameID];
 g.idSet["o" + nameID] = null;
+if (g.idSet["s" + nameID] != null) {
+	g.idSet["s" + nameID] = null;
+}
 if (response == null && runnable != null) { // error!
 	runnable.ajaxFail();
 	return;
@@ -305,4 +355,12 @@ static void xssNotify(String nameID, String response) {
 			runnable.ajaxOut();
 		}
 	}
+	
+	static void xssSession(String nameID, String sessionID) {
+		/**
+		 * @j2sNative
+		 var g = net.sf.j2s.ajax.SimpleRPCRequest;
+		 g.idSet["s" + nameID] = sessionID;
+		 */ {}
+	}
 }
