SEC-1927: SessionManagementFilter does not add space between ID and session ID #2154

Closed
spring-issuemaster opened this Issue Mar 1, 2012 · 1 comment

2 participants

@spring-issuemaster

Dominik Hirt (Migrated from SEC-1927) said:

The class org.springframework.security.web.session.SessionManagementFilter logs a wrong session ID in one of the debug log entries. In line 91 there is a missing space between the word 'ID' in the log message and the value:
logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
That leads to e.g. the following line:
"Requested session IDBD230F0B1B30002A89B47B182FD2874E is invalid."
If the reader of such a line is not mindful enough, he would looking for a session IDBD230F0B1B30002A89B47B182FD2874E which doesn't exists. It should be read:
"Requested session ID BD230F0B1B30002A89B47B182FD2874E is invalid."

@spring-issuemaster

Rob Winch said:

Resolved in master. I also added a guard to the log statement

@spring-issuemaster spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment