Uploaded image for project: 'Shibboleth SP - C++'
  1. Shibboleth SP - C++
  2. SSPCPP-704

Bad lastAccess check in SSCache::find

    XMLWordPrintable

    Details

    • Type: Bug
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 2.6.0
    • Fix Version/s: 2.6.1
    • Component/s: Session Cache
    • Labels:
      None
    • Operating System:
      Multiple
    • CPU Type:
      Multiple
    • C/C++ Compiler:
      Multiple
    • Web Server:
      Multiple

      Description

      Commit 92380630c4c151f5bf3205ed816a06ef018c52b2 to resolve SSPCPP-699 introduces a bad if-check on the lastAccess variable in shibsp/impl/StorageServiceSessionCache.cpp in the hunk starting at line 1623:

      +            if (lastAccess = 0) {
      +                m_log.error("session (ID: %s) did not report time of last access", key);
      +                throw RetryableProfileException("Your session has expired, and you must re-authenticate.");
      +            }
      

      This causes SSCache::find() to always report sessions as timed out if called from the shibd side and if given a timeout to enforce. I couldn't find any immediate cases that were affected, but custom handlers that people write may be (as is the case for me).

        Attachments

          Activity

            People

            Assignee:
            cantor.2@osu.edu Scott Cantor
            Reporter:
            vtsji@unitedid.org vtsji@unitedid.org
            Watchers:
            2 Start watching this issue

              Dates

              Created:
              Updated:
              Resolved:

                Time Tracking

                Estimated:
                Original Estimate - Not Specified
                Not Specified
                Remaining:
                Remaining Estimate - 0 minutes
                0m
                Logged:
                Time Spent - 30 minutes
                30m