[
https://issues.apache.org/jira/browse/KI-12?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Alan Cabrera moved JSEC-23 to KI-12:
------------------------------------
Fix Version/s: (was: 0.9)
Component/s: (was: Session Management)
Affects Version/s: (was: 0.9-RC1)
Key: KI-12 (was: JSEC-23)
Project: Ki (was: JSecurity)
> Session Timeout - Unconditional
> -------------------------------
>
> Key: KI-12
> URL: https://issues.apache.org/jira/browse/KI-12
> Project: Ki
> Issue Type: Bug
> Reporter: Todd Kofford
> Assignee: Alan Cabrera
> Attachments: sessionExpiration.patch
>
> Original Estimate: 2h
> Remaining Estimate: 2h
>
> The SimpleSession class is expiring sessions unconditionally after the
> default timeout of 30 minutes, regardless of any reads or writes to the
> session.
> This issue is caused by the lastAccessTime field of the SimpleSession class
> not being updated when a session attribute is read or written. Since session
> expiration is dependent on the lastAccessTime value, this field needs to be
> updated each time a session attribute is read or written to the session.
> The fix for this issue would be to call the touch() method of the
> SimpleSession class each time an attribute is read or written to the session.
> Since the touch() method updates the lastAccessTime field with the current
> time, this call is sufficient to perform the update that is required.
--
This message is automatically generated by JIRA.
-
You can reply to this email to add a comment to the issue online.
