Brian Stansberry wrote:

At 11:56 AM 11/24/2003 -0600, you wrote:


I have tried applying the patch, and I found three problems with it.
First, its removal of a session from the SingleSignOnEntry object causes
an IndexOutOfBounds exception. Second, the method for determining
whether the user explicitly logged out or whether a session timed out
doesn't scale one of the numbers correctly (i.e. comparing millisecond
values to seconds). I have fixed the patch, but I don't have a diff of
it yet (I'm new to helping with this project). Finally, the patch
doesn't synchronize on 'reverse' when removing an entry from it.



I also looked at the code for StandardSession.getLastAccessedTime() and it looks as if it will throw an IllegalStateException if the session is expired. So that would break the algorithm used in the 9077 patch.


BTW, the javadoc for javax.servlet.http.HttpSession doesn't specify throwing an IllegalStateException for a call to getLastAccessedTime(). It looks as if the exception throw was added in response to bug 15967, which stated that the javadoc does specify the exception, but I'm looking at the javadoc for both Servlet 2.3 and 2.4, and in both cases it's not specified.

Hum...look at:

http://java.sun.com/j2ee/1.4/docs/api/index.html

<quote>

getLastAccessedTime

public long *getLastAccessedTime*()

[.....]

*Returns:*
a |long| representing the last time the client sent a request associated with this session, expressed in milliseconds since 1/1/1970 GMT

*Throws:*
|IllegalStateException <http://java.sun.com/j2se/1.4/docs/api/java/lang/IllegalStateException.html>| - if this method is called on an invalidated session

</quote>

-- Jeanfrancois






Brian Stansberry
WAN Concepts, Inc.
www.wanconcepts.com
Tel: (510) 894-0114 x 116
Fax: (510) 797-3005



--------------------------------------------------------------------- To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED]
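The two problems raised in this thread (a seconds value compared against milliseconds, and getLastAccessedTime() throwing on an invalidated session), shown as an added example that is not part of the original messages or of the 9077 patch. SessionView is a hypothetical stand-in for HttpSession so the code compiles without the servlet API, and comparing idle time against getMaxInactiveInterval() is an assumption about how a timeout would be detected.

```java
import java.util.concurrent.TimeUnit;

public class SessionEndClassifier {
    /** Hypothetical stand-in for the two HttpSession getters used here. */
    interface SessionView {
        long getLastAccessedTime();   // milliseconds since the epoch
        int getMaxInactiveInterval(); // seconds; negative means never time out
    }

    enum EndReason { TIMEOUT, EXPLICIT_LOGOUT, UNKNOWN }

    /** Decide why a session ended, given the current time in milliseconds. */
    static EndReason classify(SessionView s, long nowMillis) {
        long lastAccessedMs;
        int maxInactiveSec;
        try {
            lastAccessedMs = s.getLastAccessedTime();
            maxInactiveSec = s.getMaxInactiveInterval();
        } catch (IllegalStateException e) {
            // Already invalidated: the timestamp cannot be read, so do not guess.
            return EndReason.UNKNOWN;
        }
        if (maxInactiveSec < 0) return EndReason.EXPLICIT_LOGOUT;
        long idleMs = nowMillis - lastAccessedMs;
        // Scale seconds to milliseconds before comparing the two values.
        long limitMs = TimeUnit.SECONDS.toMillis(maxInactiveSec);
        return idleMs >= limitMs ? EndReason.TIMEOUT : EndReason.EXPLICIT_LOGOUT;
    }

    /** Build a constructed sample session for the demonstration below. */
    static SessionView view(final long lastMs, final int maxSec, final boolean invalid) {
        return new SessionView() {
            public long getLastAccessedTime() {
                if (invalid) throw new IllegalStateException("session invalidated");
                return lastMs;
            }
            public int getMaxInactiveInterval() { return maxSec; }
        };
    }

    public static void main(String[] args) {
        long now = 1_000_000_000L; // constructed clock value, in ms
        System.out.println(classify(view(now - 31 * 60_000L, 1800, false), now)); // idle 31 min, limit 30 min
        System.out.println(classify(view(now - 2_000L, 1800, false), now));       // idle 2 s, limit 30 min
        System.out.println(classify(view(now - 2_000L, 1800, true), now));        // invalidated session
    }
}
```

Without the unit conversion, the second case compares 2000 against 1800 and is misread as a timeout.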