SEC-2036: Set cookie path to / when default context path in CookieClearingLogoutHandler
This commit is contained in:
@@ -14,6 +14,22 @@ import org.springframework.security.core.Authentication;
|
||||
* @author Luke Taylor
|
||||
*/
|
||||
public class CookieClearingLogoutHandlerTests {
|
||||
|
||||
// SEC-2036
|
||||
@Test
|
||||
public void emptyContextRootIsConverted() {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
MockHttpServletRequest request = new MockHttpServletRequest();
|
||||
request.setContextPath("");
|
||||
CookieClearingLogoutHandler handler = new CookieClearingLogoutHandler("my_cookie");
|
||||
handler.logout(request, response, mock(Authentication.class));
|
||||
assertEquals(1, response.getCookies().length);
|
||||
for (Cookie c : response.getCookies()) {
|
||||
assertEquals("/", c.getPath());
|
||||
assertEquals(0, c.getMaxAge());
|
||||
}
|
||||
}
|
||||
|
||||
@Test
|
||||
public void configuredCookiesAreCleared() {
|
||||
MockHttpServletResponse response = new MockHttpServletResponse();
|
||||
|
||||
Reference in New Issue
Block a user