Polish CookieWebSessionIdResolver
@@ -115,6 +115,7 @@ public final class ResponseCookie extends HttpCookie {
|
||||
* <p>This limits the scope of the cookie such that it will only be attached to
|
||||
* same site requests if {@code "Strict"} or cross-site requests if {@code "Lax"}.
|
||||
* @see <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis#section-4.1.2.7">RFC6265 bis</a>
|
||||
* @since 5.1
|
||||
*/
|
||||
@Nullable
|
||||
public String getSameSite() {
|
||||
@@ -235,7 +236,7 @@ public final class ResponseCookie extends HttpCookie {
|
||||
}
|
||||
|
||||
@Override
|
||||
public ResponseCookieBuilder sameSite(String sameSite) {
|
||||
public ResponseCookieBuilder sameSite(@Nullable String sameSite) {
|
||||
this.sameSite = sameSite;
|
||||
return this;
|
||||
}
|
||||
@@ -295,9 +296,11 @@ public final class ResponseCookie extends HttpCookie {
|
||||
* <p>This limits the scope of the cookie such that it will only be
|
||||
* attached to same site requests if {@code "Strict"} or cross-site
|
||||
* requests if {@code "Lax"}.
|
||||
* <p>By default set to {@code "Strict"}.
|
||||
* @see <a href="https://tools.ietf.org/html/draft-ietf-httpbis-rfc6265bis#section-4.1.2.7">RFC6265 bis</a>
|
||||
* @since 5.1
|
||||
*/
|
||||
ResponseCookieBuilder sameSite(String sameSite);
|
||||
ResponseCookieBuilder sameSite(@Nullable String sameSite);
|
||||
|
||||
/**
|
||||
* Create the HttpCookie.
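Review bot: The builder Javadoc still states `<p>By default set to {@code "Strict"}.` while the same change marks both `getSameSite()` and the builder's `sameSite(@Nullable String)` parameter as nullable, which reads as "the attribute may be absent". Both can only be true if the builder initializes its sameSite field to "Strict"; that initialization is not visible in this hunk, and if the field starts out null the sentence is misleading for anyone relying on a safe default. If there is no such default, I would replace that line with `* <p>Not set by default; pass {@code null} to omit the attribute.` so the documented contract matches the nullable accessor. The surrounding `ResponseCookieBuilder` interface and the `getSameSite()` body continue outside the hunks shown here.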
|
||||
|
||||
@@ -23,6 +23,7 @@ import java.util.stream.Collectors;
|
||||
|
||||
import org.springframework.http.HttpCookie;
|
||||
import org.springframework.http.ResponseCookie;
|
||||
import org.springframework.lang.Nullable;
|
||||
import org.springframework.util.Assert;
|
||||
import org.springframework.util.MultiValueMap;
|
||||
import org.springframework.web.server.ServerWebExchange;
|
||||
@@ -81,8 +82,9 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
|
||||
* Set the value for the "SameSite" attribute of the cookie that holds the
|
||||
* session id. For its meaning and possible values, see
|
||||
* {@link ResponseCookie#getSameSite()}.
|
||||
* <p>By default set to {@code "Strict"}
|
||||
* <p>By default set to {@code "Strict"}.
|
||||
* @param sameSite the SameSite value
|
||||
* @since 5.1
|
||||
*/
|
||||
public void setSameSite(String sameSite) {
|
||||
this.sameSite = sameSite;
|
||||
@@ -90,11 +92,13 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
|
||||
|
||||
/**
|
||||
* Return the configured "SameSite" attribute value for the session cookie.
|
||||
* @since 5.1
|
||||
*/
|
||||
public String getSameSite() {
|
||||
return this.sameSite;
|
||||
}
|
||||
|
||||
|
||||
@Override
|
||||
public List<String> resolveSessionIds(ServerWebExchange exchange) {
|
||||
MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies();
|
||||
@@ -108,21 +112,26 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
|
||||
@Override
|
||||
public void setSessionId(ServerWebExchange exchange, String id) {
|
||||
Assert.notNull(id, "'id' is required");
|
||||
setSessionCookie(exchange, id, getCookieMaxAge(), getSameSite());
|
||||
ResponseCookie cookie = initSessionCookie(exchange, id, getCookieMaxAge(), getSameSite());
|
||||
exchange.getResponse().getCookies().set(this.cookieName, cookie);
|
||||
}
|
||||
|
||||
@Override
|
||||
public void expireSession(ServerWebExchange exchange) {
|
||||
setSessionCookie(exchange, "", Duration.ofSeconds(0), "");
|
||||
ResponseCookie cookie = initSessionCookie(exchange, "", Duration.ZERO, null);
|
||||
exchange.getResponse().getCookies().set(this.cookieName, cookie);
|
||||
}
|
||||
|
||||
private void setSessionCookie(ServerWebExchange exchange, String id, Duration maxAge, String sameSite) {
|
||||
String name = getCookieName();
|
||||
boolean secure = "https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme());
|
||||
String path = exchange.getRequest().getPath().contextPath().value() + "/";
|
||||
exchange.getResponse().getCookies().set(name,
|
||||
ResponseCookie.from(name, id).path(path)
|
||||
.maxAge(maxAge).httpOnly(true).secure(secure).sameSite(sameSite).build());
|
||||
private ResponseCookie initSessionCookie(
|
||||
ServerWebExchange exchange, String id, Duration maxAge, @Nullable String sameSite) {
|
||||
|
||||
return ResponseCookie.from(this.cookieName, id)
|
||||
.path(exchange.getRequest().getPath().contextPath().value() + "/")
|
||||
.maxAge(maxAge)
|
||||
.httpOnly(true)
|
||||
.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
|
||||
.sameSite(sameSite)
|
||||
.build();
|
||||
}
|
||||
|
||||
}
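Review bot: `initSessionCookie` derives the `Secure` flag only from `exchange.getRequest().getURI().getScheme()`, so when the application sits behind a TLS-terminating proxy and the forwarded scheme is not applied to the exchange upstream, the session id cookie is issued without `Secure` and a browser will also send it over plain HTTP. The change does not add a way to force the flag, and nothing in the hunk indicates the scheme reflects the external one. At minimum I would document the dependency on the line that sets it: `// Secure is inferred from the request scheme; behind a TLS-terminating proxy the forwarded scheme must already be applied, otherwise the cookie is emitted without Secure`. Separately, `expireSession` now passes `null` rather than `""` for sameSite, so the expiring cookie carries no SameSite attribute while the live one does; harmless with `Duration.ZERO`, but worth a one-line comment so the asymmetry is not "fixed" later. The enclosing class begins outside this hunk; the three methods shown are complete.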
|
||||
|
||||