jetty.project
ServletContext.getSessionTimeout() incorrectly throws IllegalStateException
Jetty version(s): 10.0.11 and newer
Java version/vendor (use: java -version): Doesn't matter
OS type/version: Doesn't matter
Description
Jetty throws IllegalStateException when ServletContext.getSessionTimeout() is called from a servlet filter, or a plain servlet.
This violates the servlet spec.
See Javadoc: https://javadoc.io/static/javax.servlet/javax.servlet-api/4.0.1/javax/servlet/ServletContext.html#getSessionTimeout--
or the servlet spec.
No exception should be thrown and a valid session timeout (in minutes) should be returned instead.
How to reproduce?
request.getServletContext().getSessionTimeout() in a servlet filter
Referenced code ...
https://github.com/eclipse/jetty.project/blob/jetty-10.0.11/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletContextHandler.java#L1423-L1438
https://github.com/eclipse/jetty.project/blob/d988aa016e0bb2de6fba84c1659049c72eae3e32/jetty-servlet/src/main/java/org/eclipse/jetty/servlet/ServletContextHandler.java#L1423-L1438
This is a curious one, as we pass the Servlet 4.0 TCK. Wonder if this isn't even tested for in the TCK?
Probably not tested by the TCK… This also needs to work regardless of whether there is a session present.
bump please :)
@lprimak thanks for the nudge - don't know how this one escaped my attention. You're right, according to the javadoc you should be able to call SessionContext.getSessionTimeout() outside of the startup sequence (modulo the provision for UnsupportedOperationException). The TCK either doesn't test this, or possibly only tests it from inside a ServletContainerInitializer as we were doing.