From d795836bf152691a02ec0b36c75227ceb9ccd38a Mon Sep 17 00:00:00 2001
From: Ben Alex
Date: Tue, 23 May 2006 10:49:23 +0000
Subject: [PATCH] SEC-266: Handle -1 allowing unlimited logins, as per JavaDocs.
---
 .../concurrent/ConcurrentSessionControllerImpl.java | 4 ++++
 1 file changed, 4 insertions(+)
diff --git a/core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java b/core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java
index 7b99a6a35a..5ffc2e3f2f 100644
--- a/core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java
+++ b/core/src/main/java/org/acegisecurity/concurrent/ConcurrentSessionControllerImpl.java
@@ -121,7 +121,11 @@ public class ConcurrentSessionControllerImpl
 "getMaximumSessionsForThisUser() must return either -1 to allow unlimited logins, or a positive integer to specify a maximum");
 if (sessionCount < allowableSessions) {
+ // They haven't got too many login sessions running at present
 return;
+ } else if (allowableSessions == -1) {
+ // We permit unlimited logins
+ return;
 } else if (sessionCount == allowableSessions) {
 // Only permit it though if this request is associated with one of the sessions
 for (int i = 0; i < sessionCount; i++) {
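Review bot: The unlimited case is tested only after `sessionCount < allowableSessions`, so the new `allowableSessions == -1` branch is reached only because a non-negative session count is never below -1. Hoisting it into a guard ahead of the comparison, `if (allowableSessions == -1) { return; }`, makes the bypass of concurrent-session control explicit and independent of how `sessionCount` is computed. The assertion message allows only -1 or a positive integer, but its condition is outside the hunk; if it rejects only 0, a value such as -2 would skip both early returns, so it is worth confirming that the code below the hunk then refuses the login rather than admitting it. The diffstat shows this file alone changed, so no test pins the -1 behaviour; a case asserting that a user with -1 can exceed any session count would guard against regression. The enclosing method starts and ends outside the hunk.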