From tomcat-dev-return-36727-apmail-jakarta-tomcat-dev-archive=jakarta.apache.org@jakarta.apache.org Mon Nov 24 19:21:55 2003 Return-Path: Delivered-To: apmail-jakarta-tomcat-dev-archive@www.apache.org Received: (qmail 53643 invoked from network); 24 Nov 2003 19:21:55 -0000 Received: from daedalus.apache.org (HELO mail.apache.org) (208.185.179.12) by minotaur-2.apache.org with SMTP; 24 Nov 2003 19:21:55 -0000 Received: (qmail 42842 invoked by uid 500); 24 Nov 2003 19:21:39 -0000 Delivered-To: apmail-jakarta-tomcat-dev-archive@jakarta.apache.org Received: (qmail 42801 invoked by uid 500); 24 Nov 2003 19:21:39 -0000 Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm Precedence: bulk List-Unsubscribe: List-Subscribe: List-Help: List-Post: List-Id: "Tomcat Developers List" Reply-To: "Tomcat Developers List" Delivered-To: mailing list tomcat-dev@jakarta.apache.org Received: (qmail 42779 invoked from network); 24 Nov 2003 19:21:39 -0000 Received: from unknown (HELO minotaur.apache.org) (209.237.227.194) by daedalus.apache.org with SMTP; 24 Nov 2003 19:21:39 -0000 Received: (qmail 53600 invoked from network); 24 Nov 2003 19:21:47 -0000 Received: from unknown (HELO apache.org) (127.0.0.1) by localhost with SMTP; 24 Nov 2003 19:21:47 -0000 Message-ID: <3FC25A47.3060506@apache.org> Date: Mon, 24 Nov 2003 20:21:43 +0100 From: Remy Maucherat User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.5) Gecko/20031007 X-Accept-Language: en-us, en MIME-Version: 1.0 To: Tomcat Developers List Subject: Re: cvs commit: jakarta-tomcat-catalina/catalina/src/share/org/apache/catalina/authenti cator SingleSignOnEntry.java AuthenticatorBase.java BasicAuthenticator.java DigestAuthenticator.java FormAuthenticator.java NonLoginAuthenticator.java SSLAuthentic References: <5.1.0.14.2.20031124102932.01bcaf80@mail.wanconcepts.com> In-Reply-To: <5.1.0.14.2.20031124102932.01bcaf80@mail.wanconcepts.com> Content-Type: text/plain; charset=us-ascii; format=flowed Content-Transfer-Encoding: 7bit X-Spam-Rating: localhost 1.6.2 0/1000/N X-Spam-Rating: daedalus.apache.org 1.6.2 0/1000/N X-Spam-Rating: minotaur-2.apache.org 1.6.2 0/1000/N Brian Stansberry wrote: > At 11:56 AM 11/24/2003 -0600, you wrote: > >> I have tried applying the patch, and I found three problems with >> it. First, its removal of a session from the SingleSignOnEntry >> object causes an IndexOutOfBounds exception. Second, the method >> for determining whether the user explicitly logged out or whether a >> session timed out doesn't scale one of the numbers correctly (i.e. >> comparing millisecond values to seconds). I have fixed the patch, >> but I don't have a diff of it yet (I'm new to helping with this >> project). Finally, the patch doesn't synchronize on 'reverse' when >> removing an entry from it. > > > I also looked at the code for StandardSession.getLastAccessedTime() > and it looks as if it will throw an IllegalStateException if the > session is expired. So that would break the algorithm used in the > 9077 patch. > > BTW, the javadoc for javax.servlet.http.HttpSession doesn't specify > throwing an IllegalStateException for a call to > getLastAccessedTime(). It looks as if the exception throw was added > in response to bug 15967, which stated that the javadoc does specify > the exception, but I'm looking at the javadoc for both Servlet 2.3 > and 2.4, and in both cases it's not specified. Can you address those issues ASAP ? (incl the array out of bounds and the sync issue) Thanks, Remy --------------------------------------------------------------------- To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org