tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jean-Francois Arcand <jfarc...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenti cator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthentic
Date Mon, 24 Nov 2003 19:08:19 GMT


Brian Stansberry wrote:

>At 11:56 AM 11/24/2003 -0600, you wrote:
>  
>
>>I have tried applying the patch, and I found three problems with it.
>>First, its removal of a session from the SingleSignOnEntry object causes
>>an IndexOutOfBounds exception.  Second, the method for determining
>>whether the user explicitly logged out or whether a session timed out
>>doesn't scale one of the numbers correctly (i.e. comparing millisecond
>>values to seconds).  I have fixed the patch, but I don't have a diff of
>>it yet (I'm new to helping with this project).  Finally, the patch
>>doesn't synchronize on 'reverse' when removing an entry from it.
>>    
>>
>
>I also looked at the code for StandardSession.getLastAccessedTime() and it looks as if
it will throw an IllegalStateException if the session is expired.  So that would break the
algorithm used in the 9077 patch.
>
>BTW, the javadoc for javax.servlet.http.HttpSession doesn't specify throwing an IllegalStateException
for a call to getLastAccessedTime().  It looks as if the exception throw  was added in response
to bug 15967, which stated that the javadoc does specify the exception, but I'm looking at
the javadoc for both Servlet 2.3 and 2.4, and in both cases it's not specified.
>
Hum...look at:

> http://java.sun.com/j2ee/1.4/docs/api/index.html

<quote>

>
>       getLastAccessedTime
>
>public long *getLastAccessedTime*()
>
>     [.....]
>
>     *Returns:*
>         a |long| representing the last time the client sent a request
>         associated with this session, expressed in milliseconds since
>         1/1/1970 GMT 
>     *Throws:*
>         |IllegalStateException
>         <http://java.sun.com/j2se/1.4/docs/api/java/lang/IllegalStateException.html>|
>         - if this method is called on an invalidated session
>
</quote>

-- Jeanfrancois




>
>
>Brian Stansberry
>WAN Concepts, Inc.
>www.wanconcepts.com
>Tel:    (510) 894-0114 x 116
>Fax:    (510) 797-3005 
>
>
>---------------------------------------------------------------------
>To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
>For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org
>
>
>  
>


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message