Skip to content

SEC-2470: SessionFixationProtectionStrategy should migrate maxInactiveInterval #2693

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Closed
spring-projects-issues opened this issue Jan 24, 2014 · 1 comment
Closed

SEC-2470: SessionFixationProtectionStrategy should migrate maxInactiveInterval #2693

spring-projects-issues opened this issue Jan 24, 2014 · 1 comment
Assignees
@eleftherias
Labels
in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
Milestone
5.4.0-M1

Comments

@spring-projects-issues
Copy link

Dan Dormont (Migrated from SEC-2470) said:

When SessionFixationProtectionStrategy creates a new HTTPSession based on an existing session, even if migrateSessionAttributes is enabled, it does not preserve the maxInactiveInterval value from the previous session.

The Javadoc doesn't say it does, so perhaps this isn't strictly a bug, but it seems like a reasonable expectation that SessionFixationProtectionStrategy would have this behavior.
@spring-projects-issues
Copy link
Author

Rob Winch said:

I can understand the confusion, but the session attributes are attributes defined by HttpSession#getAttribute(String). This does not include other properties of HttpSession. I have changed this to an enhancement and scheduled it for the next non-patch release.

@spring-projects-issues spring-projects-issues added in: web An issue in web modules (web, webmvc) Open type: enhancement A general enhancement type: jira An issue that was migrated from JIRA labels Feb 5, 2016
@spring-projects-issues spring-projects-issues added this to the 4.0 Backlog milestone Feb 5, 2016
@rwinch rwinch modified the milestone: 4.0 Backlog Aug 15, 2016
@rwinch rwinch removed the Open label May 3, 2019
@eleftherias eleftherias mentioned this issue Nov 27, 2019
Closed
@eleftherias eleftherias self-assigned this Mar 12, 2020
@eleftherias eleftherias added type: breaks-passivity A change that breaks passivity with the previous release and removed type: enhancement A general enhancement type: jira An issue that was migrated from JIRA labels Mar 12, 2020
eleftherias added a commit that referenced this issue Mar 12, 2020
@eleftherias
Polish transfer session's max inactive interval
47011eb 
Issue: gh-2693
@eleftherias eleftherias added this to the 5.4.0 milestone Mar 12, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@eleftherias eleftherias

Labels
in: web An issue in web modules (web, webmvc) type: breaks-passivity A change that breaks passivity with the previous release
Projects
None yet
Milestone
5.4.0-M1
Development

No branches or pull requests
3 participants
@rwinch @eleftherias @spring-projects-issues