SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.

2025-06-26 13:53:14 +00:00 · 2011-07-13 20:56:47 +01:00 · 2011-07-13 20:56:47 +01:00 · a504cfae1a
commit a504cfae1a
parent d5946b81b4
1 changed files with 1 additions and 1 deletions
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@ -101,7 +101,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
                    return;
                } else {
                    // Non-expired - update last request date/time
-                    info.refreshLastRequest();
+                    sessionRegistry.refreshLastRequest(info.getSessionId());
                }
            }
        }