[jboss-jira] [JBoss JIRA] Closed: (JBAS-5608) Removing a session from a clustered sso entry removes all sessions

[Brian Stansberry (JIRA)]

     [ http://jira.jboss.com/jira/browse/JBAS-5608?page=all ]

Brian Stansberry closed JBAS-5608.
----------------------------------

    Fix Version/s: JBossAS-5.0.0.CR1
                       (was: JBossAS-5.0.0.CR2)
       Resolution: Done

> Removing a session from a clustered sso entry removes all sessions
> ------------------------------------------------------------------
>
>                 Key: JBAS-5608
>                 URL: http://jira.jboss.com/jira/browse/JBAS-5608
>             Project: JBoss Application Server
>          Issue Type: Bug
>      Security Level: Public(Everyone can see) 
>          Components: Web (Tomcat) service, Clustering
>    Affects Versions: JBossAS-5.0.0.Beta4, JBossAS-4.0.5.GA, JBossAS-4.2.1.GA, JBossAS-4.2.0.GA, JBossAS-4.2.2.GA
>            Reporter: Brian Stansberry
>         Assigned To: Brian Stansberry
>            Priority: Minor
>             Fix For: JBossAS-5.0.0.CR1, JBossAS-4.2.3.GA
>
>
> From SingleSignOnEntry.removeSession(...)
> boolean removed = false;
> Session[] nsessions = new Session[sessions.length - 1];
> ...
> sessions = nsessions;
> // Only if we removed a session, do we replace our session list
> if (removed)
>    sessions = nsessions;
> The line above the final if test defeats the purpose of the if test and sets sessions to an empty Session[].
> Minor problem because the "if (removed)" guard is just a safety check; in practice should return true whenever method is invoked.

-- 
This message is automatically generated by JIRA.
-
If you think it was sent incorrectly contact one of the administrators: http://jira.jboss.com/jira/secure/Administrators.jspa
-
For more information on JIRA, see: http://www.atlassian.com/software/jira