SEC-1770: Call refreshLastRequest on the session registry rather than the SessionInformation object to make sure it works with alternative SessionRegistry implementations.

2025-07-24 11:13:30 +00:00 · 2011-07-13 20:56:47 +01:00 · 2011-07-13 20:56:47 +01:00 · ca2af8bc59
commit ca2af8bc59
parent 6f59805ef3
1 changed files with 1 additions and 1 deletions
--- a/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
+++ b/web/src/main/java/org/springframework/security/web/session/ConcurrentSessionFilter.java
@ -101,7 +101,7 @@ public class ConcurrentSessionFilter extends GenericFilterBean {
                    return;
                } else {
                    // Non-expired - update last request date/time
-                    info.refreshLastRequest();
+                    sessionRegistry.refreshLastRequest(info.getSessionId());
                }
            }
        }