A security problem is ReleaseSession adds whatever T session passed to _available, whether it was issued by you or not.
You can change _inUse like so:
HashSet _inUse = new HashSet<T>(new ObjectReferenceEqualityComparer<T>())
where ObjectReferenceEqualityComparer is an EqualityComparer that uses Object.ReferenceEquals ObjectReferenceEqualityComparer is an EqualityComparer that uses Object.ReferenceEquals and check whether _inUse contains session before adding it to the _available to avoid that problem.
You may think because you intend, for now, to use this pool with class X, which you think, for now, this problem does not apply. It may turn out that this problem applies to X after all, or someone else, or even yourself, may use this pool for some other class Y.
A security problem is ReleaseSession adds whatever T session passed to _available, whether it was issued by you or not.
You can change _inUse like so:
HashSet _inUse = new HashSet<T>(new ObjectReferenceEqualityComparer<T>())
where ObjectReferenceEqualityComparer is an EqualityComparer that uses Object.ReferenceEquals and check whether _inUse contains session before adding it to the _available to avoid that problem.
You may think because you intend, for now, to use this pool with class X, which you think, for now, this problem does not apply. It may turn out that this problem applies to X after all, or someone else, or even yourself, may use this pool for some other class Y.
A security problem is ReleaseSession adds whatever T session passed to _available, whether it was issued by you or not.
You can change _inUse like so:
HashSet _inUse = new HashSet<T>(new ObjectReferenceEqualityComparer<T>())
where ObjectReferenceEqualityComparer is an EqualityComparer that uses Object.ReferenceEquals and check whether _inUse contains session before adding it to the _available to avoid that problem.
You may think because you intend, for now, to use this pool with class X, which you think, for now, this problem does not apply. It may turn out that this problem applies to X after all, or someone else, or even yourself, may use this pool for some other class Y.
A security problem is ReleaseSession adds whatever T session passed to _available, whether it was issued by you or not.
You can change _inUse like so:
HashSet _inUse = new HashSet<T>(new ObjectReferenceEqualityComparer<T>())
where ObjectReferenceEqualityComparer is an EqualityComparer that uses Object.ReferenceEquals and check whether _inUse contains session before adding it to the _available to avoid that problem.
You may think because you intend, for now, to use this pool with class X, which you think, for now, this problem does not apply. It may turn out that this problem applies to X after all, or someone else, or even yourself, may use this pool for some other class Y.