Details
- Type: Bug
- Status: Closed
- Priority: Default
- Resolution: Not a bug
- Affects Version/s: 1.0.1
- Fix Version/s: None
- Component/s: Engine
- Labels: None
- Environment: Windows XP, Sun JVM 1.4.2_06
Description
Trying to reject invalid (potentially malicious) Logon requests from an unrecognised IP address in fromAdmin by throwing a RejectLogon exception when a "bad" Logon is detected.
The JavaDoc for RejectLogon says:
"This exception causes a logon to be reject with an immediate disconnect."
However Session.next(Message) is calling generateLogout() when RejectLogon is caught, so the disconnect is not "immediate", and the "unauthorized" logon attempt consumes a sequence number in the outgoing direction which the "authorized" connecting system may not be aware of when next it logs in, causing a ResendRequest to be sent when a valid logon is finally established (see FIX Protocol 4.4 with Errata 20030618, Vol 2 - "Session Protocol", page 6).
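The sequence-number effect described in this report, as an added example that is not part of the original report and is not QuickFIX/J code. It is a simplified model that tracks only the acceptor's outgoing MsgSeqNum; the class and function names are hypothetical.

```python
from dataclasses import dataclass


@dataclass
class Acceptor:
    """Acceptor side of one FIX session; only outgoing MsgSeqNum (tag 34) is modelled."""
    logout_on_reject: bool   # True: send Logout before disconnecting a rejected logon
    next_out: int = 1

    def _send(self, msg_type):
        msg = (msg_type, self.next_out)
        self.next_out += 1   # every message sent consumes one sequence number
        return msg

    def on_logon(self, authorized):
        if authorized:
            return [self._send("Logon")]
        if self.logout_on_reject:
            return [self._send("Logout")]   # goes to the rejected peer only
        return []                            # immediate disconnect, nothing sent


@dataclass
class Initiator:
    """Authorized counterparty; tracks the next MsgSeqNum it expects to receive."""
    next_expected: int = 1

    def receive(self, msgs):
        requests = []
        for _msg_type, seq in msgs:
            if seq > self.next_expected:
                # Gap detected: ask for the missing range (BeginSeqNo, EndSeqNo).
                requests.append(("ResendRequest", self.next_expected, seq - 1))
            else:
                self.next_expected = seq + 1
        return requests


def resend_requests_after_rejected_logon(logout_on_reject):
    acceptor = Acceptor(logout_on_reject)
    legit = Initiator()
    legit.receive(acceptor.on_logon(authorized=True))    # first valid session
    acceptor.on_logon(authorized=False)                  # logon from unrecognised peer
    return legit.receive(acceptor.on_logon(authorized=True))  # valid peer reconnects
```

With the Logout sent on rejection, the authorized side sees a gap at its next logon; with an immediate disconnect it does not.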
Issue Links
- is related to: QFJ-45 When rejecting a logon, allow logout message to be optional before disconnect. (Closed)