[FELIX-5175] Sessions are incorrectly destroyed - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: http.base-3.0.6, http.jetty-3.1.4, http.bridge-3.0.4
Fix Version/s: http.base-3.0.8, http.jetty-3.2.0, http.bridge-3.0.8
Component/s: HTTP Service
Labels:
None

Description

HttpSessionWrapper contains a static member, getExpiredSessionContextIds, that determines which sessions should be destroyed based on the timeouts that are set on each session.

The implementation incorrectly assumes these timeouts are in milliseconds, while the timeouts are actually set in seconds (see JavaDoc of HttpSession). This means that a timeout of 300 (5 minutes) is interpreted as 300 milliseconds, resulting in sessions being destroyed too soon.

(Found through ACE-528)

Attachments

Issue Links

relates to

ACE-528 No longer able to log in through Web UI

Open

Activity

People

Assignee:: J.W. Janssen

Reporter:: J.W. Janssen

Votes:: 0 Vote for this issue

Watchers:: 1 Start watching this issue

Dates

Created:: 28/Jan/16 09:41

Updated:: 01/Apr/16 07:40

Resolved:: 28/Jan/16 10:24