SEC-243: SessionRegistryImpl no longer incorrectly includes expired sessions.

20 years ago · 5f79a25860
1 changed files with 4 additions and 1 deletions
--- a/core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
+++ b/core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
@ -70,7 +70,10 @@ public class SessionRegistryImpl implements SessionRegistry,
				@@ -70,7 +70,10 @@ public class SessionRegistryImpl implements SessionRegistry,
        Iterator iter = sessionsUsedByPrincipal.iterator();
        while (iter.hasNext()) {
        	String sessionId = (String) iter.next();
-        	list.add(getSessionInformation(sessionId));
+        	SessionInformation sessionInformation = getSessionInformation(sessionId);
+        	if (!sessionInformation.isExpired()) {
+            	list.add(sessionInformation);
+        	}
        }

        return (SessionInformation[]) list.toArray(new SessionInformation[] {});