tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenti cator SSLAuthentic
Date Mon, 24 Nov 2003 19:21:43 GMT
Brian Stansberry wrote:
> At 11:56 AM 11/24/2003 -0600, you wrote:
>> I have tried applying the patch, and I found three problems with
>> it. First, its removal of a session from the SingleSignOnEntry
>> object causes an IndexOutOfBounds exception.  Second, the method
>> for determining whether the user explicitly logged out or whether a
>> session timed out doesn't scale one of the numbers correctly (i.e.
>> comparing millisecond values to seconds).  I have fixed the patch,
>> but I don't have a diff of it yet (I'm new to helping with this
>> project).  Finally, the patch doesn't synchronize on 'reverse' when
>> removing an entry from it.
> I also looked at the code for StandardSession.getLastAccessedTime()
> and it looks as if it will throw an IllegalStateException if the
> session is expired.  So that would break the algorithm used in the
> 9077 patch.
> BTW, the javadoc for javax.servlet.http.HttpSession doesn't specify
> throwing an IllegalStateException for a call to
> getLastAccessedTime().  It looks as if the exception throw  was added
> in response to bug 15967, which stated that the javadoc does specify
> the exception, but I'm looking at the javadoc for both Servlet 2.3
> and 2.4, and in both cases it's not specified.

Can you address those issues ASAP ? (incl the array out of bounds and 
the sync issue)


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message