SEC-1927: SessionManagementFilter does not add space between ID and session ID #2154

spring-issuemaster opened this Issue Mar 1, 2012 · 1 comment


Dominik Hirt (Migrated from SEC-1927) said:

The class org.springframework.security.web.session.SessionManagementFilter logs a wrong session ID in one of the debug log entries. In line 91 there is a missing space between the word 'ID' in the log message and the value:
logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
That leads to e.g. the following line:
"Requested session IDBD230F0B1B30002A89B47B182FD2874E is invalid."
If the reader of such a line is not mindful enough, he would be looking for a session IDBD230F0B1B30002A89B47B182FD2874E which doesn't exist. It should read:
"Requested session ID BD230F0B1B30002A89B47B182FD2874E is invalid."

Rob Winch said:

Resolved in master. I also added a guard to the log statement.

@spring-issuemaster spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016
