SEC-1927: SessionManagementFilter does not add space between ID and session ID #2154

spring-issuemaster opened this Issue Mar 1, 2012 · 1 comment


None yet

2 participants


Dominik Hirt (Migrated from SEC-1927) said:

The class logs a wrong session ID in one of the debug log entries. In line 91 there is a missing space between the word 'ID' in the log message and the value:
logger.debug("Requested session ID" + request.getRequestedSessionId() + " is invalid.");
That leads to e.g. the following line:
"Requested session IDBD230F0B1B30002A89B47B182FD2874E is invalid."
If the reader of such a line is not mindful enough, he would looking for a session IDBD230F0B1B30002A89B47B182FD2874E which doesn't exists. It should be read:
"Requested session ID BD230F0B1B30002A89B47B182FD2874E is invalid."


Rob Winch said:

Resolved in master. I also added a guard to the log statement

@spring-issuemaster spring-issuemaster added this to the 3.1.1 milestone Feb 5, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment