Bug 60926

Summary: Servlet 4 method ApplicationContextFacade.setSessionTimeout() calls wrong method
Product: Tomcat 8 Reporter: Konstantin Kolinko <knst.kolinko>
Component: CatalinaAssignee: Tomcat Developers Mailing List <dev>
Status: RESOLVED FIXED    
Severity: normal    
Priority: P2    
Version: 8.5.12   
Target Milestone: ----   
Hardware: PC   
OS: All   

Description Konstantin Kolinko 2017-03-27 23:24:31 UTC
Noted when reviewing r1784768 while investigating a different bug:

in org.apache.catalina.core.ApplicationContextFacade:

    @Override
    public void setSessionTimeout(int sessionTimeout) {
        if (SecurityUtil.isPackageProtectionEnabled()) {
            doPrivileged("getSessionTimeout", new Object[] { Integer.valueOf(sessionTimeout) });
        } else  {
            context.setSessionTimeout(sessionTimeout);
        }
    }

calls a wrong method when running with SecurityManager:

s/"getSessionTimeout"/"setSessionTimeout"/
Comment 1 Violeta Georgieva 2017-03-28 07:13:09 UTC
Hi,

This is fixed with r1784911.

Regards,
Violeta
Comment 2 Konstantin Kolinko 2017-03-28 10:16:29 UTC
Looking into src.zip of 8.5.13, this was fixed in trunk only, but not in 8.5.
Comment 3 Violeta Georgieva 2017-03-28 10:36:51 UTC
(In reply to Konstantin Kolinko from comment #2)
> Looking into src.zip of 8.5.13, this was fixed in trunk only, but not in 8.5.

You are right. I backported this change to Tomcat 8.5 - r1789090.
The fix will be available in 8.5.14 onwards.

Thanks,
Violeta