Spring Security
  1. Spring Security
  2. SEC-1927

SessionManagementFilter does not add space between ID and session ID

    Details

    • Type: Bug Bug
    • Status: Closed
    • Priority: Trivial Trivial
    • Resolution: Complete
    • Affects Version/s: 3.1.0
    • Fix Version/s: 3.1.1
    • Component/s: Web
    • Labels:
      None

      Description

      The class org.springframework.security.web.session.SessionManagementFilter logs a wrong session ID in one of the debug log entries. In line 91 there is a missing space between the word 'ID' in the log message and the value:
      logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
      That leads to e.g. the following line:
      "Requested session IDBD230F0B1B30002A89B47B182FD2874E is invalid."
      If the reader of such a line is not mindful enough, he would looking for a session IDBD230F0B1B30002A89B47B182FD2874E which doesn't exists. It should be read:
      "Requested session ID BD230F0B1B30002A89B47B182FD2874E is invalid."

        Activity

        Hide
        Rob Winch added a comment -

        Resolved in master. I also added a guard to the log statement

        Show
        Rob Winch added a comment - Resolved in master. I also added a guard to the log statement

          People

          • Assignee:
            Rob Winch
            Reporter:
            Dominik Hirt
          • Votes:
            0 Vote for this issue
            Watchers:
            0 Start watching this issue

            Dates

            • Created:
              Updated:
              Resolved: