Closed Deuce1058 closed 3 years ago
com.yardi.userServices.LoginHandler doGet() needs to set sessionID in com.yardi.shared.userServices.LoginRequest immediately after call to LoginRequest.setChangePwd()
Better yet, com,yardi.ejb.LoginUserServicesBean loginSuccess() should already have sessionID because com.yardi.userServices.LoginHandler checkSession() called LoginUserServicesBean.setSessionID() on subsequent logins
LoginUserServicesBean loginSuccess() should pass instance variable sessionID on call to com.yardi.ejb.LoginSessionsTableBean update()
see 57150fa282570fef6dfa15ba3e1006ac73e62f4f see 2598d9428a17d6ac8a0669656ff3e62b4ab4511d
com,yardi.ejb.LoginUserServicesBean loginSuccess() realizes that there is already a row in DB2ADMIN.SESSIONS_TABLE for the user and calls com.yardi.ejb.LoginSessionsTableBean update() .
com.yardi.ejb.LoginSessionsTableBean update() calls com.yardi.shared.userServices.PasswordAuthentication hash() to hash the new session ID and gets null
audit parms passed to com.yardi.shared.userServices.PasswordAuthentication hash()
Login_Sessions_Table sessionsTable, String sessionID, String lastRequest, java.sql.Timestamp lastActive