DefaultWebSecurityManager isHttpSessionMode() may be error
----------------------------------------------------------
Key: SHIRO-303
URL: https://issues.apache.org/jira/browse/SHIRO-303
Project: Shiro
Issue Type: Bug
Components: Web
Affects Versions: 1.1.0
Environment: isHttpSessionMode() in
org.apache.shiro.web.mgt.DefaultWebSecurityManager.java
Reporter: YangL
Fix For: 1.2.0
/**
* @since 1.0
*/
public boolean isHttpSessionMode() {
return this.sessionMode == null ||
this.sessionMode.equals(HTTP_SESSION_MODE);
}
---------------------------------------------------------------------------------------
may be error,and i think this method should as bellow:
public boolean isHttpSessionMode() {
String sm = getSessionMode();
return (sm!= null && sm.equals(HTTP_SESSION_MODE));
}
--
This message is automatically generated by JIRA.
For more information on JIRA, see: http://www.atlassian.com/software/jira
