From 5f79a25860592eb30ea9d37165b95ccc87d0a323 Mon Sep 17 00:00:00 2001
From: Ben Alex <ben.alex@springsource.com>
Date: Wed, 26 Apr 2006 02:36:37 +0000
Subject: [PATCH] SEC-243: SessionRegistryImpl no longer incorrectly includes
 expired sessions.

---
 .../org/acegisecurity/concurrent/SessionRegistryImpl.java    | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java b/core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
index 36035b2041..c25f5643f9 100644
--- a/core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
+++ b/core/src/main/java/org/acegisecurity/concurrent/SessionRegistryImpl.java
@@ -70,7 +70,10 @@ public class SessionRegistryImpl implements SessionRegistry,
         Iterator iter = sessionsUsedByPrincipal.iterator();
         while (iter.hasNext()) {
         	String sessionId = (String) iter.next();
-        	list.add(getSessionInformation(sessionId));
+        	SessionInformation sessionInformation = getSessionInformation(sessionId);
+        	if (!sessionInformation.isExpired()) {
+            	list.add(sessionInformation);
+        	}
         }
 
         return (SessionInformation[]) list.toArray(new SessionInformation[] {});