[
https://issues.apache.org/jira/browse/SHIRO-421?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=13691115#comment-13691115
]
Jono Morris commented on SHIRO-421:
-----------------------------------
Performing the conversion of the time out interval from seconds to milliseconds
using longs in the getTimeout method avoids the overflow. Could still add
additional methods to the Session API if desired.
> Unable to set long timeouts on HttpServletSession
> -------------------------------------------------
>
> Key: SHIRO-421
> URL: https://issues.apache.org/jira/browse/SHIRO-421
> Project: Shiro
> Issue Type: Bug
> Components: Session Management
> Affects Versions: 1.2.1
> Reporter: Andrew Pitman
> Labels: session
> Fix For: 1.3.0, 2.0.0
>
> Attachments: shiro-421.patch
>
>
> When I set the timeout on a org.apache.shiro.web.session.HttpServletSession
> to a large value (30 days == 2592000000 milliseconds) using the
> setTimeout(long) method and then read the timeout with the getTimeout()
> method, I get -1702967296. I would like to be able to do this in order to
> have a long-lasting session for users who select "remember me" when logging
> in to a web app.
> I think this may have something to do with the fact that the getTimeout()
> method is using integer multiplication before converting the
> javax.servlet.http.HttpSession's max inactive interval from an int to a long.
--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira
