`SessionAuthentication._session` is not marked as `transient` #12309

janbartel · 2024-09-25T01:12:32Z

Jetty version(s)
jetty-12.0.x

Jetty Environment
core security

The org.eclipse.jetty.security.authentication.SessionAuthentication class has a HttpSession _session data member which must be marked as transient to prevent it being serialized. This keyword is missing.

The text was updated successfully, but these errors were encountered:

…sion

…sion (#12310)

janbartel added the Bug For general bugs on Jetty side label Sep 25, 2024

janbartel self-assigned this Sep 25, 2024

janbartel added this to Jetty 12.0.14 Sep 25, 2024

janbartel added a commit that referenced this issue Sep 25, 2024

Issue #12309 replaced transient keyword for SessionAuthentication.ses…

64bf7b8

…sion

This was referenced Sep 25, 2024

Issue #12309 replaced transient keyword for SessionAuthentication.session #12310

Merged

Use sessionRequest for wrapping HTTP stream instead of original Request #12303

Merged

janbartel added a commit that referenced this issue Sep 25, 2024

Issue #12309 replaced transient keyword for SessionAuthentication.ses…

04fd45d

…sion (#12310)

janbartel closed this as completed in #12310 Sep 25, 2024

github-project-automation bot moved this to ✅ Done in Jetty 12.0.14 Sep 25, 2024

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

`SessionAuthentication._session` is not marked as `transient` #12309

`SessionAuthentication._session` is not marked as `transient` #12309

janbartel commented Sep 25, 2024

SessionAuthentication._session is not marked as transient #12309

SessionAuthentication._session is not marked as transient #12309

Comments

janbartel commented Sep 25, 2024

`SessionAuthentication._session` is not marked as `transient` #12309

`SessionAuthentication._session` is not marked as `transient` #12309