You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
migrated from Bugzilla #407045
status ASSIGNED severity enhancement in component server for 9.0.x
Reported in version 9.0.2 on platform PC
Assigned to: Jan Bartel
On 2013-05-02 03:22:03 -0400, Oliver Z wrote:
JDBCSessionIdManager.java:1040 and JDBCSessionIdManager:1042
Statement statement = con.createStatement();
//take them out of the sessionIds table
statement.executeUpdate(fillInClause("delete from "+_sessionIdTable+" where id in ", ids, start, end));
//take them out of the sessions table
statement.executeUpdate(fillInClause("delete from "+_sessionTable+" where sessionId in ", ids, start, end));
block++;
This should be a preparet statement.
On 2013-05-02 03:42:38 -0400, Jan Bartel wrote:
Oliver,
I've edited the title of this bug, as it makes it sound as if jetty is using input that comes from a user on a browser to determine which sessions should be deleted, which might mislead some people.
Just an observation, but it appears from googling this that it is going to be difficult to find a solution that uses PreparedStatements with an sql IN clause, particularly as the number of args to the IN clause can vary.
With jetty-9.4 the session architecture has been substantially rewritten. The JDBCSessionIdManager no longer exists, and thus these particular queries no longer exist either.
migrated from Bugzilla #407045
status ASSIGNED severity enhancement in component server for 9.0.x
Reported in version 9.0.2 on platform PC
Assigned to: Jan Bartel
On 2013-05-02 03:22:03 -0400, Oliver Z wrote:
On 2013-05-02 03:42:38 -0400, Jan Bartel wrote:
On 2013-05-02 04:10:58 -0400, Jan Bartel wrote:
On 2013-05-02 20:36:55 -0400, Jan Bartel wrote:
The text was updated successfully, but these errors were encountered: