From 369e98c7eff46d229c5e84b9252590239a53f625 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 19 Feb 2015 16:40:23 -0600 Subject: [PATCH] SessionRepositoryRequestWrapper overrides isRequestedSessionIdValid Fixes gh-142, gh-153 --- .../web/http/SessionRepositoryFilter.java | 25 ++++++++-- .../http/SessionRepositoryFilterTests.java | 46 +++++++++++++++++++ 2 files changed, 67 insertions(+), 4 deletions(-) diff --git a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java index 14b8e23..ee89cf2 100644 --- a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java +++ b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java @@ -150,7 +150,7 @@ public class SessionRepositoryFilter extends OncePerR */ private final class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper { private HttpSessionWrapper currentSession; - private boolean requestedValidSession; + private Boolean requestedSessionIdValid; private final HttpServletResponse response; private SessionRepositoryRequestWrapper(HttpServletRequest request, HttpServletResponse response) { @@ -170,14 +170,31 @@ public class SessionRepositoryFilter extends OncePerR } else { S session = wrappedSession.session; sessionRepository.save(session); - if(!requestedValidSession || !session.getId().equals(getRequestedSessionId())) { + if(!isRequestedSessionIdValid() || !session.getId().equals(getRequestedSessionId())) { httpSessionStrategy.onNewSession(session, this, response); } } } + public boolean isRequestedSessionIdValid() { + if(requestedSessionIdValid == null) { + String sessionId = getRequestedSessionId(); + S session = sessionId == null ? null : sessionRepository.getSession(sessionId); + return isRequestedSessionIdValid(session); + } + + return requestedSessionIdValid; + } + + private boolean isRequestedSessionIdValid(S session) { + if(requestedSessionIdValid == null) { + requestedSessionIdValid = session != null; + } + return requestedSessionIdValid; + } + private boolean isInvalidateClientSession() { - return currentSession == null && requestedValidSession; + return currentSession == null && isRequestedSessionIdValid(); } @Override @@ -189,7 +206,7 @@ public class SessionRepositoryFilter extends OncePerR if(requestedSessionId != null) { S session = sessionRepository.getSession(requestedSessionId); if(session != null) { - this.requestedValidSession = true; + this.requestedSessionIdValid = true; currentSession = new HttpSessionWrapper(session, getServletContext()); currentSession.setNew(false); return currentSession; diff --git a/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java b/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java index c705651..9339232 100644 --- a/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java +++ b/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java @@ -393,6 +393,52 @@ public class SessionRepositoryFilterTests { assertNoSession(); } + @Test + public void doFilterIsRequestedValidSessionTrue() throws Exception { + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + wrappedRequest.getSession(); + } + }); + + setupSession(); + request.setRequestedSessionIdValid(false); // ensure we are using wrapped request + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.isRequestedSessionIdValid()).isTrue(); + } + }); + } + + // gh-142, gh-153 + @Test + public void doFilterIsRequestedValidSessionFalseInvalidId() throws Exception { + setSessionCookie("invalid"); + request.setRequestedSessionIdValid(true); // ensure we are using wrapped request + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.isRequestedSessionIdValid()).isFalse(); + } + }); + } + + @Test + public void doFilterIsRequestedValidSessionFalse() throws Exception { + request.setRequestedSessionIdValid(true); // ensure we are using wrapped request + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest) { + assertThat(wrappedRequest.isRequestedSessionIdValid()).isFalse(); + } + }); + } + @Test public void doFilterGetSessionGetSessionFalse() throws Exception { doFilter(new DoInFilter() {