From a3c1e9dc78f4d09d2d65a2d3761ea406cf2b0689 Mon Sep 17 00:00:00 2001
From: Carlos Ruiz <carg67@gmail.com>
Date: Mon, 10 Dec 2012 15:11:21 -0500
Subject: [PATCH] IDEMPIERE-455 Discover and fix FindBugs problems / Pattern
 SQL_NONCONSTANT_STRING_PASSED_TO_EXECUTE

---
 .../webui/LoggedSessionListener.java          | 38 ++++++++-----------
 1 file changed, 15 insertions(+), 23 deletions(-)

diff --git a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/LoggedSessionListener.java b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/LoggedSessionListener.java
index 02330372a6..7976a753df 100644
--- a/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/LoggedSessionListener.java
+++ b/org.adempiere.ui.zk/WEB-INF/src/org/adempiere/webui/LoggedSessionListener.java
@@ -1,8 +1,7 @@
 package org.adempiere.webui;
 
-import java.sql.ResultSet;
-import java.sql.Statement;
 import java.util.Hashtable;
+import java.util.List;
 
 import javax.servlet.ServletContextEvent;
 import javax.servlet.ServletContextListener;
@@ -10,8 +9,10 @@ import javax.servlet.http.HttpSession;
 import javax.servlet.http.HttpSessionEvent;
 import javax.servlet.http.HttpSessionListener;
 
+import org.adempiere.exceptions.AdempiereException;
 import org.compiere.Adempiere;
 import org.compiere.model.MSession;
+import org.compiere.model.Query;
 import org.compiere.model.ServerStateChangeEvent;
 import org.compiere.model.ServerStateChangeListener;
 import org.compiere.util.DB;
@@ -53,34 +54,25 @@ public class LoggedSessionListener implements HttpSessionListener, ServletContex
 			Adempiere.addServerStateChangeListener(this);
 			return;
 		}
-		
+
 		String serverName = WebUtil.getServerName();
-		String sql = "UPDATE AD_Session SET processed = 'Y' WHERE processed ='N' AND servername = '"+serverName+"'";
-		Statement stmt = DB.createStatement();
-		try{
-			stmt.executeUpdate(sql);
-		}catch (Exception e) {
-			System.out.println("UpdateSession: "+e);
+		String sql = "UPDATE AD_Session SET Processed='Y' WHERE Processed='N' AND ServerName=?";
+		int no = DB.executeUpdate(sql, new Object[] {serverName}, false, null);
+		if (no < 0) {
+			throw new AdempiereException("UpdateSession: Cannot Destroy All Session");
 		}
 		
 		Adempiere.removeServerStateChangeListener(this);
 	}
 	
 	public void removeADSession(String sessionID, String serverName) {
-		StringBuilder sql = new StringBuilder("SELECT * FROM AD_Session WHERE websession = '");
-		sql.append(sessionID)
-			.append("' AND servername = '")
-			.append(serverName).append("' AND processed = 'N'");
-		Statement stmt = DB.createStatement();
-		try{
-			ResultSet rs = stmt.executeQuery(sql.toString());
-			if(rs.next()){
-				MSession mSession = new MSession(Env.getCtx(), rs, null);
-				mSession.setProcessed(true);
-				mSession.save();
-			}
-		}catch (Exception e) {
-			System.out.println("UpdateSession: "+e);
+		String whereClause = "WebSession=? AND ServerName=? AND Processed='N'";
+		List<MSession> sessions = new Query(Env.getCtx(), MSession.Table_Name, whereClause, null)
+			.setParameters(sessionID, serverName)
+			.list();
+		for (MSession session : sessions) {
+			session.setProcessed(true);
+			session.saveEx();
 		}
 	}