Posted to dev@tomcat.apache.org by ma...@apache.org on 2015/11/10 12:10:44 UTC
svn commit: r1713612 - in /tomcat/trunk: java/org/apache/catalina/
java/org/apache/catalina/session/ java/org/apache/catalina/util/
test/org/apache/catalina/util/
Author: markt
Date: Tue Nov 10 11:10:44 2015
New Revision: 1713612
URL: http://svn.apache.org/viewvc?rev=1713612&view=rev
Log:
Revert 1713285
A better solution is available
Removed:
tomcat/trunk/test/org/apache/catalina/util/TestStandardSessionIdGenerator.java
Modified:
tomcat/trunk/java/org/apache/catalina/SessionIdGenerator.java
tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java
tomcat/trunk/java/org/apache/catalina/util/StandardSessionIdGenerator.java
Modified: tomcat/trunk/java/org/apache/catalina/SessionIdGenerator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/SessionIdGenerator.java?rev=1713612&r1=1713611&r2=1713612&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/SessionIdGenerator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/SessionIdGenerator.java Tue Nov 10 11:10:44 2015
@@ -55,18 +55,4 @@ public interface SessionIdGenerator {
* @param route node identifier to include in generated id
*/
public String generateSessionId(String route);
-
- /**
- * Determine, based on implementation specific rules which may be as strict
- * or as relaxed as the implementor wishes, if the provided session ID is
- * valid. This may be used when generating sessions with user provided
- * session IDs to ensure that they are suitable or if a new ID needs to be
- * generated.
- *
- * @param sessionId The proposed session ID to test
- *
- * @return {@code true} if the proposed session ID is acceptable, otherwise
- * {@code false}
- */
- public boolean validateSessionId(String sessionId);
}
Modified: tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java?rev=1713612&r1=1713611&r2=1713612&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/session/ManagerBase.java Tue Nov 10 11:10:44 2015
@@ -627,7 +627,7 @@ public abstract class ManagerBase extend
session.setCreationTime(System.currentTimeMillis());
session.setMaxInactiveInterval(this.maxInactiveInterval);
String id = sessionId;
- if (id == null || !sessionIdGenerator.validateSessionId(id)) {
+ if (id == null) {
id = generateSessionId();
}
session.setId(id);
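Review bot: With the guard reduced to `if (id == null)`, any non-null `sessionId` handed to this method reaches `session.setId(id)` unchanged, including an empty string or a value that originated from the client. The log says a better solution is available, but nothing visible in this hunk shows where a client-supplied ID is vetted now, so a reader of this method cannot tell that the missing check is deliberate. I would add a comment above the check, for example `// sessionId is used as supplied; client-provided IDs must be vetted by the caller before reaching this point`, and have the method's Javadoc name the check that replaces `validateSessionId`. The enclosing method starts and ends outside the hunk.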
Modified: tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java?rev=1713612&r1=1713611&r2=1713612&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java (original)
+++ tomcat/trunk/java/org/apache/catalina/util/SessionIdGeneratorBase.java Tue Nov 10 11:10:44 2015
@@ -273,18 +273,6 @@ public abstract class SessionIdGenerator
}
- /**
- * {@inheritDoc}
- * <p>
- * The base implementation performs no validation and treats all proposed
- * session IDs as valid.
- */
- @Override
- public boolean validateSessionId(String sessionId) {
- return true;
- }
-
-
@Override
protected void initInternal() throws LifecycleException {
// NO-OP
Modified: tomcat/trunk/java/org/apache/catalina/util/StandardSessionIdGenerator.java
URL: http://svn.apache.org/viewvc/tomcat/trunk/java/org/apache/catalina/util/StandardSessionIdGenerator.java?rev=1713612&r1=1713611&r2=1713612&view=diff
==============================================================================
--- tomcat/trunk/java/org/apache/catalina/util/StandardSessionIdGenerator.java (original)
+++ tomcat/trunk/java/org/apache/catalina/util/StandardSessionIdGenerator.java Tue Nov 10 11:10:44 2015
@@ -16,8 +16,6 @@
*/
package org.apache.catalina.util;
-import org.apache.tomcat.util.buf.HexUtils;
-
public class StandardSessionIdGenerator extends SessionIdGeneratorBase {
@Override
@@ -62,40 +60,4 @@ public class StandardSessionIdGenerator
return buffer.toString();
}
-
- /**
- * {@inheritDoc}
- * <p>
- * This implementation performs the following checks:
- * <ul>
- * <li>The characters up to the first period (if any) are valid hex
- * digits</li>
- * <li>There are at least enough hex digits to represent the specified
- * session ID length</li>
- * <li>Anything after the first period is not validated since that is
- * assumed to be a JVM route and we can't easily determine valid
- * values</li>
- * </ul>
- */
- @Override
- public boolean validateSessionId(String sessionId) {
- if (sessionId == null) {
- return false;
- }
- int len = sessionId.indexOf('.');
- if (len == -1) {
- len = sessionId.length();
- }
- // Session ID length is in bytes and 2 hex digits are required for each
- // byte
- if (len < getSessionIdLength() * 2) {
- return false;
- }
- for (int i = 0; i < len; i++) {
- if (HexUtils.getDec(sessionId.charAt(i)) == -1) {
- return false;
- }
- }
- return true;
- }
}