This is an automated email from the ASF dual-hosted git repository.
remm pushed a commit to branch main
in repository https://gitbox.apache.org/repos/asf/tomcat.git
The following commit(s) were added to refs/heads/main by this push:
new 9cfb4797f5 Fix saved request serialization issue in FORM
9cfb4797f5 is described below
commit 9cfb4797f5c4957d130b32591e2346406918676d
Author: remm <[email protected]>
AuthorDate: Thu Jun 5 10:38:38 2025 +0200
Fix saved request serialization issue in FORM
Introduced when allowing infinite session timeouts.
BZ69706
---
java/org/apache/catalina/authenticator/FormAuthenticator.java | 8 ++++----
java/org/apache/catalina/authenticator/SavedRequest.java | 7 +++----
webapps/docs/changelog.xml | 4 ++++
3 files changed, 11 insertions(+), 8 deletions(-)
diff --git a/java/org/apache/catalina/authenticator/FormAuthenticator.java
b/java/org/apache/catalina/authenticator/FormAuthenticator.java
index c53da4f308..e54cc5a2d6 100644
--- a/java/org/apache/catalina/authenticator/FormAuthenticator.java
+++ b/java/org/apache/catalina/authenticator/FormAuthenticator.java
@@ -641,8 +641,8 @@ public class FormAuthenticator extends AuthenticatorBase {
request.getCoyoteRequest().queryString().toStringType();
request.getCoyoteRequest().protocol().toStringType();
- if (saved.getOriginalMaxInactiveIntervalOptional().isPresent()) {
-
session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().getAsInt());
+ if (saved.getOriginalMaxInactiveIntervalOptional() != null) {
+
session.setMaxInactiveInterval(saved.getOriginalMaxInactiveIntervalOptional().intValue());
}
return true;
@@ -718,14 +718,14 @@ public class FormAuthenticator extends AuthenticatorBase {
session.setMaxInactiveInterval(getAuthenticationSessionTimeout());
}
} else if (previousSavedRequest != null &&
-
previousSavedRequest.getOriginalMaxInactiveIntervalOptional().isPresent()) {
+ previousSavedRequest.getOriginalMaxInactiveIntervalOptional()
!= null) {
/*
* The user may have refreshed the browser page during
authentication. Transfer the original max inactive
* interval from previous saved request to current one else, once
authentication is completed, the session
* will retain the shorter authentication session timeout
*/
saved.setOriginalMaxInactiveInterval(
-
previousSavedRequest.getOriginalMaxInactiveIntervalOptional().getAsInt());
+
previousSavedRequest.getOriginalMaxInactiveIntervalOptional().intValue());
}
// Stash the SavedRequest in our session for later use
diff --git a/java/org/apache/catalina/authenticator/SavedRequest.java
b/java/org/apache/catalina/authenticator/SavedRequest.java
index 0097eeba47..499a96944c 100644
--- a/java/org/apache/catalina/authenticator/SavedRequest.java
+++ b/java/org/apache/catalina/authenticator/SavedRequest.java
@@ -25,7 +25,6 @@ import java.util.Iterator;
import java.util.List;
import java.util.Locale;
import java.util.Map;
-import java.util.OptionalInt;
import jakarta.servlet.http.Cookie;
@@ -184,13 +183,13 @@ public final class SavedRequest implements Serializable {
/**
* The original maxInactiveInterval for the session.
*/
- private OptionalInt originalMaxInactiveInterval = OptionalInt.empty();
+ private Integer originalMaxInactiveInterval = null;
- public OptionalInt getOriginalMaxInactiveIntervalOptional() {
+ public Integer getOriginalMaxInactiveIntervalOptional() {
return originalMaxInactiveInterval;
}
public void setOriginalMaxInactiveInterval(int
originalMaxInactiveInterval) {
- this.originalMaxInactiveInterval =
OptionalInt.of(originalMaxInactiveInterval);
+ this.originalMaxInactiveInterval =
Integer.valueOf(originalMaxInactiveInterval);
}
}
diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index d86b971e63..1b5cb12fcc 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -194,6 +194,10 @@
rewrite map files to align behaviour with Apache httpd. Pull request
provided by Chenjp. (markt)
</add>
+ <fix>
+ <bug>69706</bug>: Fix saved request serialization issue in FORM
+ introduced when allowing infinite session timeouts. (remm)
+ </fix>
</changelog>
</subsection>
<subsection name="Coyote">
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
