From 29ad2383079bbcfe6d6ec0bd2a5d8640c35c3fad Mon Sep 17 00:00:00 2001 From: Dave Syer Date: Thu, 19 Feb 2015 16:07:57 -0600 Subject: [PATCH] Invoke HttpSessionStrategy.onNewSession if session id changed Fixes gh-154 --- .../web/http/SessionRepositoryFilter.java | 2 +- .../http/SessionRepositoryFilterTests.java | 32 +++++++++++++++++++ 2 files changed, 33 insertions(+), 1 deletion(-) diff --git a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java index bf1843e..14b8e23 100644 --- a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java +++ b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java @@ -170,7 +170,7 @@ public class SessionRepositoryFilter extends OncePerR } else { S session = wrappedSession.session; sessionRepository.save(session); - if(!requestedValidSession) { + if(!requestedValidSession || !session.getId().equals(getRequestedSessionId())) { httpSessionStrategy.onNewSession(session, this, response); } } diff --git a/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java b/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java index 03e4e98..c705651 100644 --- a/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java +++ b/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java @@ -323,6 +323,38 @@ public class SessionRepositoryFilterTests { assertThat(wrappedRequest.getSession().isNew()).isFalse(); } }); + + assertThat(response.getCookie("SESSION")).isNull(); + } + + @Test + public void doFilterSetsCookieIfChanged() throws Exception { + sessionRepository = new MapSessionRepository() { + @Override + public ExpiringSession getSession(String id) { + return createSession(); + } + }; + filter = new SessionRepositoryFilter(sessionRepository); + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + assertThat(response.getCookie("SESSION")).isNotNull(); + + setupSession(); + + response.reset(); + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.getSession().isNew()).isFalse(); + } + }); + + assertThat(response.getCookie("SESSION")).isNotNull(); } @Test