From 722781d7517c8d769764941af14ade9cb649a41a Mon Sep 17 00:00:00 2001
From: Jan Bartel <janb@webtide.com>
Date: Thu, 16 Feb 2023 09:10:41 +1100
Subject: [PATCH] Issue #9181 NPE in SessionHandler  (#9346)

Cherry pick back to 9.4
---
 .../jetty/server/session/SessionHandler.java  | 45 ++++++++++---------
 1 file changed, 24 insertions(+), 21 deletions(-)

diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
index f2076eaa3b2a..9b2007150a50 100644
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionHandler.java
@@ -1727,33 +1727,36 @@ else if (!DispatcherType.REQUEST.equals(baseRequest.getDispatcherType()))
         if (isUsingURLs() && (requestedSessionId == null))
         {
             String uri = request.getRequestURI();
-            String prefix = getSessionIdPathParameterNamePrefix();
-            if (prefix != null)
+            if (uri != null)
             {
-                int s = uri.indexOf(prefix);
-                if (s >= 0)
+                String prefix = getSessionIdPathParameterNamePrefix();
+                if (prefix != null)
                 {
-                    s += prefix.length();
-                    int i = s;
-                    while (i < uri.length())
+                    int s = uri.indexOf(prefix);
+                    if (s >= 0)
                     {
-                        char c = uri.charAt(i);
-                        if (c == ';' || c == '#' || c == '?' || c == '/')
-                            break;
-                        i++;
-                    }
+                        s += prefix.length();
+                        int i = s;
+                        while (i < uri.length())
+                        {
+                            char c = uri.charAt(i);
+                            if (c == ';' || c == '#' || c == '?' || c == '/')
+                                break;
+                            i++;
+                        }
 
-                    requestedSessionId = uri.substring(s, i);
-                    requestedSessionIdFromCookie = false;
+                        requestedSessionId = uri.substring(s, i);
+                        requestedSessionIdFromCookie = false;
 
-                    if (LOG.isDebugEnabled())
-                        LOG.debug("Got Session ID {} from URL", requestedSessionId);
+                        if (LOG.isDebugEnabled())
+                            LOG.debug("Got Session ID {} from URL", requestedSessionId);
 
-                    session = getHttpSession(requestedSessionId);
-                    if (session != null && isValid(session))
-                    {
-                        baseRequest.enterSession(session); //request enters this session for first time
-                        baseRequest.setSession(session);  //associate the session with the request
+                        session = getHttpSession(requestedSessionId);
+                        if (session != null && isValid(session))
+                        {
+                            baseRequest.enterSession(session); //request enters this session for first time
+                            baseRequest.setSession(session);  //associate the session with the request
+                        }
                     }
                 }
             }