From c11f01afeb3f23ef7edd5c694223b361d6c9ae55 Mon Sep 17 00:00:00 2001
From: Robert von Burg <eitch@eitchnet.ch>
Date: Tue, 19 Sep 2017 13:45:29 +0200
Subject: [PATCH] [Fix] Fixed Session TTL not being respected in some cases

---
 .../li/strolch/privilege/handler/DefaultPrivilegeHandler.java | 2 ++
 .../java/li/strolch/rest/DefaultStrolchSessionHandler.java    | 4 ----
 2 files changed, 2 insertions(+), 4 deletions(-)

diff --git a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
index 212904019..7c5c12b64 100644
--- a/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
+++ b/li.strolch.privilege/src/main/java/li/strolch/privilege/handler/DefaultPrivilegeHandler.java
@@ -1431,6 +1431,8 @@ public class DefaultPrivilegeHandler implements PrivilegeHandler {
 		}
 
 		// everything is ok
+
+		certificate.setLastAccess(new Date());
 	}
 
 	@Override
diff --git a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
index c06344c2b..5c1d146bc 100644
--- a/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
+++ b/li.strolch.rest/src/main/java/li/strolch/rest/DefaultStrolchSessionHandler.java
@@ -25,7 +25,6 @@ import java.time.ZoneId;
 import java.time.temporal.ChronoUnit;
 import java.util.ArrayList;
 import java.util.Collections;
-import java.util.Date;
 import java.util.HashMap;
 import java.util.List;
 import java.util.Locale;
@@ -143,7 +142,6 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 		DBC.PRE.assertNotNull("Passwort must be set", password); //$NON-NLS-1$
 
 		Certificate certificate = this.privilegeHandler.authenticate(username, password);
-		certificate.setLastAccess(new Date());
 
 		this.certificateMap.put(certificate.getAuthToken(), certificate);
 		logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$
@@ -167,7 +165,6 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 	public Certificate validate(Certificate certificate) throws StrolchNotAuthenticatedException {
 		try {
 			this.privilegeHandler.isCertificateValid(certificate);
-			certificate.setLastAccess(new Date());
 			return certificate;
 		} catch (PrivilegeException e) {
 			throw new StrolchNotAuthenticatedException(e.getMessage(), e);
@@ -196,7 +193,6 @@ public class DefaultStrolchSessionHandler extends StrolchComponent implements St
 		DBC.PRE.assertNotEmpty("challenge must be set", challenge); //$NON-NLS-1$
 
 		Certificate certificate = this.privilegeHandler.getPrivilegeHandler().validateChallenge(username, challenge);
-		certificate.setLastAccess(new Date());
 
 		this.certificateMap.put(certificate.getAuthToken(), certificate);
 		logger.info(MessageFormat.format("{0} sessions currently active.", this.certificateMap.size())); //$NON-NLS-1$