Hi. You should be able to fork this repository on GitHub to your account, push changes there and create pull requests from your remote fork.
Hope this helps.

D.

On Sun, Oct 17, 2021 at 04:12 Krzysztof Ślusarski <[email protected]> wrote:

> The class org.jasig.cas.client.session.HashMapBackedSessionMappingStorage
> contains 2 maps:
>
> private final Map<String, HttpSession> MANAGED_SESSIONS = new HashMap<String, HttpSession>();
> private final Map<String, String> ID_TO_SESSION_KEY_MAPPING = new HashMap<String, String>();
>
> There is a part of the CAS client that listens on server events and clears
> that storage on session destroy. That code is
> in org.jasig.cas.client.session.SingleSignOutHttpSessionListener. The
> problem is that the public API of javax.servlet.http.HttpServletRequest
> has a method (from servlet v3.1):
>
> String changeSessionId();
>
> That method doesn't destroy a session, but changes its id. This type of
> action doesn't affect the maps in the HashMapBackedSessionMappingStorage.
> It causes a memory leak, because a session with a changed id cannot be removed
> from the storage. Changing the session id is the default of the Spring
> implementation of session fixation, so the problem may be popular in the
> future. The default is implemented in
> org.springframework.security.web.authentication.session.ChangeSessionIdAuthenticationStrategy
> and is created as default in
> org.springframework.security.config.annotation.web.configurers.SessionManagementConfigurer#createDefaultSessionFixationProtectionStrategy.
>
> Possible fix: implement a listener that implements
> javax.servlet.http.HttpSessionIdListener and manipulates the maps
> in HashMapBackedSessionMappingStorage. I've implemented this, but I cannot
> push my branch into https://github.com/apereo/java-cas-client:
>
> ERROR: Permission to apereo/java-cas-client.git denied to krzysztofslusarski.
> fatal: Could not read from remote repository.
> Please make sure you have the correct access rights
> and the repository exists.
>
> Can I get the right to perform a push and do a pull request?
>
> Best regards,
> Krzysztof Ślusarski
>
> --
> You received this message because you are subscribed to the Google Groups
> "CAS Developer" group.
> To unsubscribe from this group and stop receiving emails from it, send an
> email to [email protected].
> To view this discussion on the web visit
> https://groups.google.com/a/apereo.org/d/msgid/cas-dev/CACjVSqEk5sTLLFhVXL8K7%3Dkb-cYJnnWYv%3D%2B5j6Q6U01yFS4msg%40mail.gmail.com
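
The leak described in the quoted message and the effect of the proposed HttpSessionIdListener fix, shown as an added example that is not part of this thread or of java-cas-client. It is a simplified plain-Java model: the `Session` and `MappingStorage` classes, the direction of the map keys, and the ticket value are assumptions made for illustration.

```java
import java.util.HashMap;
import java.util.Map;

// Simplified model of the two-map storage described in the message above.
// Session is a hypothetical stand-in for javax.servlet.http.HttpSession.
public class SessionIdChangeLeakDemo {

    static final class Session {
        String id;
        Session(String id) { this.id = id; }
    }

    static final class MappingStorage {
        // Assumed layout: mapping id (e.g. a service ticket) -> session
        final Map<String, Session> managedSessions = new HashMap<>();
        // Assumed layout: session id -> mapping id
        final Map<String, String> idToSessionKey = new HashMap<>();

        synchronized void addSessionById(String mappingId, Session s) {
            idToSessionKey.put(s.id, mappingId);
            managedSessions.put(mappingId, s);
        }
        // Called by the destroy listener with the session's *current* id.
        synchronized void removeBySessionById(String sessionId) {
            String key = idToSessionKey.remove(sessionId);
            if (key != null) managedSessions.remove(key);
        }
        // What an HttpSessionIdListener callback would do: re-key the entry.
        synchronized void sessionIdChanged(String oldId, String newId) {
            String key = idToSessionKey.remove(oldId);
            if (key != null) idToSessionKey.put(newId, key);
        }
        int size() { return managedSessions.size() + idToSessionKey.size(); }
    }

    // Simulates login, a session-fixation id change, then session destroy.
    static int leftoverEntries(boolean withIdListener) {
        MappingStorage storage = new MappingStorage();
        Session s = new Session("old-id");
        storage.addSessionById("ST-constructed-1", s); // constructed ticket value
        s.id = "new-id"; // effect of HttpServletRequest#changeSessionId()
        if (withIdListener) storage.sessionIdChanged("old-id", s.id);
        storage.removeBySessionById(s.id); // lookup by new id misses without re-keying
        return storage.size();
    }

    public static void main(String[] args) {
        System.out.println("entries left without id listener: " + leftoverEntries(false));
        System.out.println("entries left with id listener:    " + leftoverEntries(true));
    }
}
```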
