From a504cfae1a09dec78df9a2e1d52917b62561e3d8 Mon Sep 17 00:00:00 2001
From: Luke Taylor <luke.taylor@springsource.com>
Date: Wed, 13 Jul 2011 20:56:47 +0100
Subject: [PATCH] SEC-1770: Call refreshLastRequest on the session registry
 rather than the SessionInformation object to make sure it works with
 alternative SessionRegistry implementations.

---
 .../security/web/session/ConcurrentSessionFilter.java           | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
index ec0c9c90de..e740f3697b 100644
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@@ -101,7 +101,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
                     return;
                 } else {
                     // Non-expired - update last request date/time
-                    info.refreshLastRequest();
+                    sessionRegistry.refreshLastRequest(info.getSessionId());
                 }
             }
         }