Issue #12309 replaced transient keyword for SessionAuthentication.session

jetty / jetty.project

Eclipse Jetty® - Web Container & Clients - supports HTTP/2, HTTP/1.1, HTTP/1.0, websocket, servlets, and more

https://eclipse.dev/jetty

Other

3.86k stars 1.91k forks source link

Issue #12309 replaced transient keyword for SessionAuthentication.session #12310

Closed janbartel closed 1 month ago

janbartel commented 1 month ago

Closes #12309

The transient keyword was removed from the SessionAuthentication class private data member Session session. This leads to problems because the SessionAuthentication itself is stored in the session during some forms of authentication, such as form or openid. Thus, if the session needs to be passivated, there is a backpointer to itself.