(tomcat) 01/02: Fix saved request serialization issue in FORM

Thu, 05 Jun 2025 01:52:36 -0700 

This is an automated email from the ASF dual-hosted git repository.

remm pushed a commit to branch 11.0.x
in repository https://gitbox.apache.org/repos/asf/tomcat.git

commit e7326307a0fc2c4611fe04d94f3045bed822fc0b
Author: remm <r...@apache.org>
AuthorDate: Thu Jun 5 10:38:38 2025 +0200

    Fix saved request serialization issue in FORM
    
    Introduced when allowing infinite session timeouts.
    BZ69706
---
 java/org/apache/catalina/authenticator/FormAuthenticator.java | 8 ++++----
 java/org/apache/catalina/authenticator/SavedRequest.java      | 7 +++----
 webapps/docs/changelog.xml                                    | 4 ++++
 3 files changed, 11 insertions(+), 8 deletions(-)

diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java 
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index c53da4f308..e54cc5a2d6 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -641,8 +641,8 @@ public class FormAuthenticator extends AuthenticatorBase {
         request.getCoyoteRequest().queryString().toStringType();
         request.getCoyoteRequest().protocol().toStringType();
 
-        if (saved.getOriginalMaxInactiveIntervalOptional().isPresent()) {
-            
session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().getAsInt());
+        if (saved.getOriginalMaxInactiveIntervalOptional() != null) {
+            
session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().intValue());
         }
 
         return true;
@@ -718,14 +718,14 @@ public class FormAuthenticator extends AuthenticatorBase {
                 
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
             }
         } else if (previousSavedRequest != null &&
-                
previousSavedRequest.getOriginalMaxInactiveIntervalOptional().isPresent()) {
+                previousSavedRequest.getOriginalMaxInactiveIntervalOptional() 
!= null) {
             /*
              * The user may have refreshed the browser page during 
authentication. Transfer the original max inactive
              * interval from previous saved request to current one else, once 
authentication is completed, the session
              * will retain the shorter authentication session timeout
              */
             saved.setOriginalMaxInactiveInterval(
-                    
previousSavedRequest.getOriginalMaxInactiveIntervalOptional().getAsInt());
+                    
previousSavedRequest.getOriginalMaxInactiveIntervalOptional().intValue());
         }
 
         // Stash the SavedRequest in our session for later use
diff --git a/java/org/apache/catalina/authenticator/SavedRequest.java 
b/java/org/apache/catalina/authenticator/SavedRequest.java
index 12804672a6..9ca3a53a24 100644
--- a/java/org/apache/catalina/authenticator/SavedRequest.java
+++ b/java/org/apache/catalina/authenticator/SavedRequest.java
@@ -25,7 +25,6 @@ import java.util.Iterator;
 import java.util.List;
 import java.util.Locale;
 import java.util.Map;
-import java.util.OptionalInt;
 
 import jakarta.servlet.http.Cookie;
 
@@ -184,9 +183,9 @@ public final class SavedRequest implements Serializable {
     /**
      * The original maxInactiveInterval for the session.
      */
-    private OptionalInt originalMaxInactiveInterval = OptionalInt.empty();
+    private Integer originalMaxInactiveInterval = null;
 
-    public OptionalInt getOriginalMaxInactiveIntervalOptional() {
+    public Integer getOriginalMaxInactiveIntervalOptional() {
         return originalMaxInactiveInterval;
     }
 
@@ -204,6 +203,6 @@ public final class SavedRequest implements Serializable {
     }
 
     public void setOriginalMaxInactiveInterval(int 
originalMaxInactiveInterval) {
-        this.originalMaxInactiveInterval = 
OptionalInt.of(originalMaxInactiveInterval);
+        this.originalMaxInactiveInterval = 
Integer.valueOf(originalMaxInactiveInterval);
     }
 }
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 1a5234e72e..32b15d48c4 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -135,6 +135,10 @@
         rewrite map files to align behaviour with Apache httpd. Pull request
         provided by Chenjp. (markt)
       </add>
+      <fix>
+        <bug>69706</bug>: Fix saved request serialization issue in FORM
+        introduced when allowing infinite session timeouts. (remm)
+      </fix>
     </changelog>
   </subsection>
   <subsection name="Coyote">


---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org

Reply via email to