You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@tomcat.apache.org by ma...@apache.org on 2004/08/13 22:21:06 UTC

cvs commit: jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator SingleSignOn.java

markt       2004/08/13 13:21:06

  Modified:    catalina/src/share/org/apache/catalina/authenticator
                        SingleSignOn.java
  Log:
  Fix bug 29956. Incorrect handling of negative timeout in SingleSignOn.sessionEvent()
   - Patch provided by Brian Stansberry
   - Ported from TC5
  
  Revision  Changes    Path
  1.14      +8 -8      jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java
  
  Index: SingleSignOn.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat-4.0/catalina/src/share/org/apache/catalina/authenticator/SingleSignOn.java,v
  retrieving revision 1.13
  retrieving revision 1.14
  diff -u -r1.13 -r1.14
  --- SingleSignOn.java	24 Dec 2003 20:40:50 -0000	1.13
  +++ SingleSignOn.java	13 Aug 2004 20:21:05 -0000	1.14
  @@ -72,11 +72,9 @@
   import javax.servlet.http.Cookie;
   import javax.servlet.http.HttpServletRequest;
   import javax.servlet.http.HttpServletResponse;
  -import org.apache.catalina.Container;
   import org.apache.catalina.HttpRequest;
   import org.apache.catalina.HttpResponse;
   import org.apache.catalina.Lifecycle;
  -import org.apache.catalina.LifecycleEvent;
   import org.apache.catalina.LifecycleException;
   import org.apache.catalina.LifecycleListener;
   import org.apache.catalina.Logger;
  @@ -384,8 +382,10 @@
            *  SSO.  If the session was logged out, we'll log out
            *  of all session associated with the SSO.
            */
  -        if (System.currentTimeMillis() - session.getLastAccessedTime() >=
  -                session.getMaxInactiveInterval() * 1000) {            
  +        if ((session.getMaxInactiveInterval() > 0)
  +            && (System.currentTimeMillis() - session.getLastAccessedTime() >=
  +                session.getMaxInactiveInterval() * 1000)) {
  +
               removeSession(ssoId, session);
           }
           else {
  
  
  

---------------------------------------------------------------------
To unsubscribe, e-mail: tomcat-dev-unsubscribe@jakarta.apache.org
For additional commands, e-mail: tomcat-dev-help@jakarta.apache.org