Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Already on GitHub? Sign in to your account

SEC-1372: SessionRegistryImpl.getAllSessions returns null, Interface says it shouldn't #1615

spring-issuemaster opened this Issue Jan 18, 2010 · 1 comment


None yet
1 participant

Nick Williams (Migrated from SEC-1372) said:

The documentation for org.springframework.security.core.session.SessionRegistry#getAllSessions(Object, boolean) says "Returns: the matching sessions for this principal (should not return null)." However, the default implementation org.springframework.security.core.session.SessionRegistryImpl#getAllSessions(Object, boolean) returns null if "final Set sessionsUsedByPrincipal = principals.get(principal)" is null.

It should, instead, return an empty list, per the interface specification and per good code practices such that methods that return lists should never return null, only empty lists when needed.

Luke Taylor said:

Makes sense. We should stick to our own contracts, so I've changed it to return an empty list. In practice the null was checked for in classes which consumed this method, so most users should be unaffected.

@spring-issuemaster spring-issuemaster added this to the 3.0.2 milestone Feb 5, 2016

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment