You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@shiro.apache.org by "Jono Morris (JIRA)" <ji...@apache.org> on 2013/06/22 13:42:20 UTC

[jira] [Updated] (SHIRO-421) Unable to set long timeouts on HttpServletSession

     [ https://issues.apache.org/jira/browse/SHIRO-421?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Jono Morris updated SHIRO-421:
------------------------------

    Attachment: shiro-421.patch

Patch includes code change that prevents integer overflow and JUnit test.

                
> Unable to set long timeouts on HttpServletSession
> -------------------------------------------------
>
>                 Key: SHIRO-421
>                 URL: https://issues.apache.org/jira/browse/SHIRO-421
>             Project: Shiro
>          Issue Type: Bug
>          Components: Session Management
>    Affects Versions: 1.2.1
>            Reporter: Andrew Pitman
>              Labels: session
>             Fix For: 1.3.0, 2.0.0
>
>         Attachments: shiro-421.patch
>
>
> When I set the timeout on a org.apache.shiro.web.session.HttpServletSession to a large value (30 days == 2592000000 milliseconds) using the setTimeout(long) method and then read the timeout with the getTimeout() method, I get -1702967296. I would like to be able to do this in order to have a long-lasting session for users who select "remember me" when logging in to a web app.
> I think this may have something to do with the fact that the getTimeout() method is using integer multiplication before converting the javax.servlet.http.HttpSession's max inactive interval from an int to a long.

--
This message is automatically generated by JIRA.
If you think it was sent incorrectly, please contact your JIRA administrators
For more information on JIRA, see: http://www.atlassian.com/software/jira