Amy Roh wrote:
Remy Maucherat wrote:

Well, I think it is perfectly acceptable, sorry ;-)

BTW, there's no CoyoteRequestFacade.recycle, that's in CoyoteRequest, and it is obviously a field which needs to be recycled.

I meant to say CoyoteRequest. :-)


"Fixing" this will create a major security issue. Please refrain from fixing things you do not seem to understand well, or please only do so in Sun's repositories.

I see that there will be security issues if we don't clean up the field in the request. No such fix will go into Sun's repositories if it's a security issue. I obviously posted the email to the list for additional comments to understand the code better.

Ok, sorry.


(I'm posting inaccurate stuff right now, anyway)

You see that stuff in StandardSession?

    /**
     * Internal notes associated with this session by Catalina components
     * and event listeners.  <b>IMPLEMENTATION NOTE:</b> This object is
     * <em>not</em> saved and restored across session serializations!
     */
    private transient HashMap notes = new HashMap();


    /**
     * The authenticated Principal associated with this session, if any.
     * <b>IMPLEMENTATION NOTE:</b> This object is <i>not</i> saved and
     * restored across session serializations!
     */
    private transient Principal principal = null;


Well, I think you have to remove the transient. But I think it's there for a reason, so at this point I don't want this changed in TC, since I consider the issue is not worth it (you can try out a fix on your own of course :)).


Remy

