From 0b99da112bb9aae3c61ffe840e99ffb5db359d50 Mon Sep 17 00:00:00 2001
From: Daniel Gerhardt <code@dgerhardt.net>
Date: Wed, 25 Oct 2017 15:21:32 +0200
Subject: [PATCH] Do not trust session creation timestamp from client

Always set `creationTime` on session creation. Sessions with invalid
timestamps might otherwise be deleted by the scheduled cleanup.
---
 src/main/java/de/thm/arsnova/services/SessionService.java | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/main/java/de/thm/arsnova/services/SessionService.java b/src/main/java/de/thm/arsnova/services/SessionService.java
index 77a22e5b3..78a9ad7b7 100644
--- a/src/main/java/de/thm/arsnova/services/SessionService.java
+++ b/src/main/java/de/thm/arsnova/services/SessionService.java
@@ -278,6 +278,7 @@ public class SessionService implements ISessionService, ApplicationEventPublishe
 				throw new ForbiddenException();
 			}
 		}
+		session.setCreationTime(System.currentTimeMillis());
 		handleLogo(session);
 
 		// set some default values
-- 
GitLab