tomcat-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Brian Burch <>
Subject Re: [Bug 54190] TestNonLoginAndBasicAuthenticator does not test session timeout properly
Date Thu, 22 Nov 2012 16:30:05 GMT
On 22/11/12 15:17, wrote:
> --- Comment #2 from Mark Thomas <> ---
> testBasicLoginWithoutSession() seems to repeat the same pair of tests but the
> comments suggest that something different should happen the second time. What
> am I missing?

Thanks for looking at my change so carefully and quickly.

You are not missing anything, Mark. Perhaps my comments section could be 

That particular test demonstrates something that I am sure you consider 
obvious... tc does not have any mechanism for "remembering" the client's 
successful authentication. The third call to doTestBasic, without 
providing any credentials, gets the 401 status because the server didn't 
have a cached session.

The only reason I coded that explicit 401/200/401/200 sequence was to 
make it obviously and directly comparable with 
testBasicLoginSessionPersistence, which gets 401/200/200/200.

Strictly speaking, I suppose the fourth doTestBasic is redundant, the 
third is a bit like stating the obvious, and then the whole of 
testAcceptProtectedBasic could be considered to be a duplicate. 
Nevertheless, the only test that takes any time at all is the one that 
involves a session timeout.

My main motive for "dotting the i's" was to make the behaviour clear to 
a third person who might be trying to understand the way it works.

Do you prefer to make the comments clearer, or take out the redundant logic?


To unsubscribe, e-mail:
For additional commands, e-mail:

View raw message