OK, issue opened and patch uploaded. Issue is: JSEC-23
I left the issue status as open, but the patch I uploaded will resolve the issue. Thanks, Todd Kofford [EMAIL PROTECTED] -----Original Message----- From: Alan D. Cabrera [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 04, 2008 5:37 PM To: [email protected] Subject: Re: Session Expiration - Unconditional? Use https://svn.apache.org/repos/asf/incubator/jsecurity/import/trunk and build a patch off of that. Submit a bug on https://issues.apache.org/jira/browse/JSEC and attach your patch to it. Someone on the team will integrate it for you. Many thanks! Regards, Alan On Nov 4, 2008, at 2:41 PM, Kofford, C Todd wrote: > If you could give me a quick rundown on your patch submission process, > I'd be happy to submit a patch. > > Do I use the latest code from the HEAD branch or is there alternate > branch that I need to use as a code base? > > Thanks, > Todd > > -----Original Message----- > From: Alan D. Cabrera [mailto:[EMAIL PROTECTED] > Sent: Tuesday, November 04, 2008 3:57 PM > To: [email protected] > Subject: Re: Session Expiration - Unconditional? > > > On Nov 4, 2008, at 10:11 AM, Kofford, C Todd wrote: > >> I'm using jsecurity RC2, and I keep seeing the session for my webapp >> expire after 30 minutes. Even though I do reads and writes to the >> session, it unconditionally expires after 30 minutes. >> >> Is this by design, or should session access (read or write) delay >> session expiration for another 30 minutes? >> >> In looking at the source code for RC2, it appears that the >> lastAccessTime field of SimpleSession is never updated when the >> session >> is read from or written to. The lastAccessTime field only gets set >> when >> a SimpleSession is initially created and updated in the >> DefaultSessionManager.onStop() method. > > Good catch Todd. Would you like to submit a patch? > > > Regards, > Alan > >
