Posted to commits@shiro.apache.org by lh...@apache.org on 2011/09/28 05:18:53 UTC
svn commit: r1176695 -
/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
Author: lhazlewood
Date: Wed Sep 28 03:18:53 2011
New Revision: 1176695
URL: http://svn.apache.org/viewvc?rev=1176695&view=rev
Log:
SHIRO-325: applied 'transient' additions
Modified:
shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
Modified: shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java
URL: http://svn.apache.org/viewvc/shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java?rev=1176695&r1=1176694&r2=1176695&view=diff
==============================================================================
--- shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java (original)
+++ shiro/trunk/core/src/main/java/org/apache/shiro/session/mgt/SimpleSession.java Wed Sep 28 03:18:53 2011
@@ -66,15 +66,31 @@ public class SimpleSession implements Va
private static final int HOST_BIT_MASK = 1 << bitIndexCounter++;
private static final int ATTRIBUTES_BIT_MASK = 1 << bitIndexCounter++;
- private Serializable id;
- private Date startTimestamp;
- private Date stopTimestamp;
- private Date lastAccessTime;
- private long timeout;
- private boolean expired;
- private String host;
-
- private Map<Object, Object> attributes;
+ // ==============================================================
+ // NOTICE:
+ //
+ // The following fields are marked as transient to avoid double-serialization.
+ // They are in fact serialized (even though 'transient' usually indicates otherwise),
+ // but they are serialized explicitly via the writeObject and readObject implementations
+ // in this class.
+ //
+ // If we didn't declare them as transient, the out.defaultWriteObject(); call in writeObject would
+ // serialize all non-transient fields as well, effectively doubly serializing the fields (also
+ // doubling the serialization size).
+ //
+ // This finding, with discussion, was covered here:
+ //
+ // http://mail-archives.apache.org/mod_mbox/shiro-user/201109.mbox/%3C4E81BCBD.8060909@metaphysis.net%3E
+ //
+ // ==============================================================
+ private transient Serializable id;
+ private transient Date startTimestamp;
+ private transient Date stopTimestamp;
+ private transient Date lastAccessTime;
+ private transient long timeout;
+ private transient boolean expired;
+ private transient String host;
+ private transient Map<Object, Object> attributes;
public SimpleSession() {
this.timeout = DefaultSessionManager.DEFAULT_GLOBAL_SESSION_TIMEOUT; //TODO - remove concrete reference to DefaultSessionManager
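Review bot: The NOTICE comment above the newly transient fields explains the double-serialization motive, but it does not warn that these fields now survive only through this class's own writeObject/readObject. Any session store that honours `transient` without invoking those methods (a reflection-based or JSON serializer, for example) would presumably restore a session with `expired` false, `timeout` 0 and no `stopTimestamp` or `attributes`, which changes session-validity decisions rather than failing loudly. I would add a line to the comment such as `// WARNING: serializers that skip 'transient' fields and bypass writeObject/readObject will lose ALL session state.` The writeObject and readObject bodies are outside this hunk, so it cannot be confirmed from here that every one of the eight fields is written and read explicitly. A serialize/deserialize round-trip test that asserts each field would catch a field that is now silently dropped.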