WebSessionServerCsrfTokenRepository session fixation protection

Issue: gh-4842
This commit is contained in:
Rob Winch
2017-11-16 11:22:33 -06:00
parent 75a7c5268a
commit b19e14330f
2 changed files with 9 additions and 0 deletions

View File

@@ -102,4 +102,12 @@ public class WebSessionServerCsrfTokenRepositoryTests {
load = this.repository.loadToken(this.exchange).block();
assertThat(load).isNull();
}
@Test
public void saveTokenChangeSessionId() {
String originalSessionId = this.exchange.getSession().block().getId();
this.repository.saveToken(this.exchange, null).block();
WebSession session = this.exchange.getSession().block();
assertThat(session.getId()).isNotEqualTo(originalSessionId);
}
}