tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Remy Maucherat <r...@apache.org>
Subject Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenti cator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthentic
Date Mon, 24 Nov 2003 19:21:43 GMT
Brian Stansberry wrote:
> At 11:56 AM 11/24/2003 -0600, you wrote:
> 
>> I have tried applying the patch, and I found three problems with
>> it. First, its removal of a session from the SingleSignOnEntry
>> object causes an IndexOutOfBounds exception.  Second, the method
>> for determining whether the user explicitly logged out or whether a
>> session timed out doesn't scale one of the numbers correctly (i.e.
>> comparing millisecond values to seconds).  I have fixed the patch,
>> but I don't have a diff of it yet (I'm new to helping with this
>> project).  Finally, the patch doesn't synchronize on 'reverse' when
>> removing an entry from it.
> 
> 
> I also looked at the code for StandardSession.getLastAccessedTime()
> and it looks as if it will throw an IllegalStateException if the
> session is expired.  So that would break the algorithm used in the
> 9077 patch.
> 
> BTW, the javadoc for javax.servlet.http.HttpSession doesn't specify
> throwing an IllegalStateException for a call to
> getLastAccessedTime().  It looks as if the exception throw  was added
> in response to bug 15967, which stated that the javadoc does specify
> the exception, but I'm looking at the javadoc for both Servlet 2.3
> and 2.4, and in both cases it's not specified.

Can you address those issues ASAP ? (incl the array out of bounds and 
the sync issue)

Thanks,
Remy


---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org


Mime
View raw message