markt 2004/08/13 13:21:06
Modified: catalina/src/share/org/apache/catalina/authenticator
SingleSignOn.java
Log:
Fix bug 29956. Incorrect handling of negative timeout in SingleSignOn.sessionEvent()
- Patch provided by Brian Stansberry
- Ported from TC5
Revision Changes Path
1.14 +8 -8
jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java
Index: SingleSignOn.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -r1.13 -r1.14
--- SingleSignOn.java 24 Dec 2003 20:40:50 -0000 1.13
+++ SingleSignOn.java 13 Aug 2004 20:21:05 -0000 1.14
@@ -72,11 +72,9 @@
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpServletResponse;
-import org.apache.catalina.Container;
import org.apache.catalina.HttpRequest;
import org.apache.catalina.HttpResponse;
import org.apache.catalina.Lifecycle;
-import org.apache.catalina.LifecycleEvent;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.LifecycleListener;
import org.apache.catalina.Logger;
@@ -384,8 +382,10 @@
* SSO. If the session was logged out, we'll log out
* of all session associated with the SSO.
*/
- if (System.currentTimeMillis() - session.getLastAccessedTime() >=
- session.getMaxInactiveInterval() * 1000) {
+ if ((session.getMaxInactiveInterval() > 0)
+ && (System.currentTimeMillis() - session.getLastAccessedTime() >=
+ session.getMaxInactiveInterval() * 1000)) {
+
removeSession(ssoId, session);
}
else {
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
