Sessions expire if now is >= calculated expiry

2016-05-19 16:30:39 +10:00 · 2016-05-19 16:30:39 +10:00 · a28a59be89
parent 49ce555add
commit a28a59be89
2 changed files with 6 additions and 9 deletions
--- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionData.java
+++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionData.java
@ -354,8 +354,7 @@ public class SessionData implements Serializable
            LOG.debug("Testing expiry on session {}: Never expires? {} Is expired?{}", _id, (getExpiry()<= 0), (getExpiry() < time));
        if (getExpiry() <= 0)
            return false; //never expires
-        
-        return (getExpiry() < time);
+        return (getExpiry() <= time);
    }
    
    /** 
--- a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java
+++ b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java
@ -57,7 +57,7 @@ public abstract class AbstractSessionInvalidateAndCreateTest
 {
    public class MySessionListener implements HttpSessionListener
    {
-        List<Integer> destroys;
+        List<Integer> destroys = new ArrayList<>();

        public void sessionCreated(HttpSessionEvent e)
        {
@ -66,9 +66,6 @@ public abstract class AbstractSessionInvalidateAndCreateTest

        public void sessionDestroyed(HttpSessionEvent e)
        {
-            if (destroys == null)
-                destroys = new ArrayList<>();
-
            destroys.add(e.getSession().hashCode());
        }
    }
@ -129,9 +126,9 @@ public abstract class AbstractSessionInvalidateAndCreateTest
                request2.header("Cookie", sessionCookie);
                ContentResponse response2 = request2.send();
                assertEquals(HttpServletResponse.SC_OK,response2.getStatus());
-         
+
                // Wait for the scavenger to run
-                pause(inactivePeriod+scavengePeriod);
+                pause(inactivePeriod+(2*scavengePeriod));

                //test that the session created in the last test is scavenged:
                //the HttpSessionListener should have been called when session1 was invalidated and session2 was scavenged
@ -186,6 +183,7 @@ public abstract class AbstractSessionInvalidateAndCreateTest
            {
                HttpSession session = request.getSession(true);
                session.setAttribute("identity", "session1");
+                session.setMaxInactiveInterval(-1); //don't let this session expire, we want to explicitly invalidate it
            }
            else if ("test".equals(action))
            {
@ -196,7 +194,7 @@ public abstract class AbstractSessionInvalidateAndCreateTest

                    //invalidate existing session
                    session.invalidate();
-                    
+
                    //now try to access the invalid session
                    try
                    {