From a28a59be89a0cc626a13664679a8cffa82d9924c Mon Sep 17 00:00:00 2001 From: Jan Bartel Date: Thu, 19 May 2016 16:30:39 +1000 Subject: [PATCH] Sessions expire if now is >= calculated expiry --- .../eclipse/jetty/server/session/SessionData.java | 3 +-- .../AbstractSessionInvalidateAndCreateTest.java | 12 +++++------- 2 files changed, 6 insertions(+), 9 deletions(-) diff --git a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionData.java b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionData.java index 2b47aaf0d16..152e1a980c3 100644 --- a/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionData.java +++ b/jetty-server/src/main/java/org/eclipse/jetty/server/session/SessionData.java @@ -354,8 +354,7 @@ public class SessionData implements Serializable LOG.debug("Testing expiry on session {}: Never expires? {} Is expired?{}", _id, (getExpiry()<= 0), (getExpiry() < time)); if (getExpiry() <= 0) return false; //never expires - - return (getExpiry() < time); + return (getExpiry() <= time); } /** diff --git a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java index b36ea739f54..52e12b27ac1 100644 --- a/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java +++ b/tests/test-sessions/test-sessions-common/src/main/java/org/eclipse/jetty/server/session/AbstractSessionInvalidateAndCreateTest.java @@ -57,7 +57,7 @@ public abstract class AbstractSessionInvalidateAndCreateTest { public class MySessionListener implements HttpSessionListener { - List destroys; + List destroys = new ArrayList<>(); public void sessionCreated(HttpSessionEvent e) { @@ -66,9 +66,6 @@ public abstract class AbstractSessionInvalidateAndCreateTest public void sessionDestroyed(HttpSessionEvent e) { - if (destroys == null) - destroys = new ArrayList<>(); - destroys.add(e.getSession().hashCode()); } } @@ -129,9 +126,9 @@ public abstract class AbstractSessionInvalidateAndCreateTest request2.header("Cookie", sessionCookie); ContentResponse response2 = request2.send(); assertEquals(HttpServletResponse.SC_OK,response2.getStatus()); - + // Wait for the scavenger to run - pause(inactivePeriod+scavengePeriod); + pause(inactivePeriod+(2*scavengePeriod)); //test that the session created in the last test is scavenged: //the HttpSessionListener should have been called when session1 was invalidated and session2 was scavenged @@ -186,6 +183,7 @@ public abstract class AbstractSessionInvalidateAndCreateTest { HttpSession session = request.getSession(true); session.setAttribute("identity", "session1"); + session.setMaxInactiveInterval(-1); //don't let this session expire, we want to explicitly invalidate it } else if ("test".equals(action)) { @@ -196,7 +194,7 @@ public abstract class AbstractSessionInvalidateAndCreateTest //invalidate existing session session.invalidate(); - + //now try to access the invalid session try {