From 5879d156926404a54aaabc623e5759105946b468 Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Wed, 15 Apr 2015 12:33:34 -0500 Subject: [PATCH] Valid HTTP session no longer invalidated when HttpSession not accessed Fixes gh-188 --- .../web/http/SessionRepositoryFilter.java | 4 ++- .../http/SessionRepositoryFilterTests.java | 26 +++++++++++++++++++ 2 files changed, 29 insertions(+), 1 deletion(-) diff --git a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java index 7ce2cc1..4bb6de6 100644 --- a/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java +++ b/spring-session/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java @@ -163,6 +163,7 @@ public class SessionRepositoryFilter extends OncePerR private final class SessionRepositoryRequestWrapper extends HttpServletRequestWrapper { private HttpSessionWrapper currentSession; private Boolean requestedSessionIdValid; + private boolean requestedSessionInvalidated; private final HttpServletResponse response; private final ServletContext servletContext; @@ -239,7 +240,7 @@ public class SessionRepositoryFilter extends OncePerR } private boolean isInvalidateClientSession() { - return currentSession == null && isRequestedSessionIdValid(); + return currentSession == null && requestedSessionInvalidated; } @Override @@ -372,6 +373,7 @@ public class SessionRepositoryFilter extends OncePerR public void invalidate() { checkState(); this.invalidated = true; + requestedSessionInvalidated = true; currentSession = null; sessionRepository.delete(getId()); } diff --git a/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java b/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java index c724a96..ca7c841 100644 --- a/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java +++ b/spring-session/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java @@ -19,6 +19,7 @@ import static org.fest.assertions.Assertions.assertThat; import static org.junit.Assert.fail; import static org.mockito.Matchers.any; import static org.mockito.Matchers.eq; +import static org.mockito.Mockito.never; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.when; @@ -1077,6 +1078,31 @@ public class SessionRepositoryFilterTests { verify(strategy).onInvalidateSession(any(HttpServletRequest.class),any(HttpServletResponse.class)); } + // gh-188 + @Test + public void doFilterRequestSessionNoRequestSessionDoesNotInvalidate() throws Exception { + filter.setHttpSessionStrategy(strategy); + + doFilter(new DoInFilter(){ + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + wrappedRequest.getSession().getId(); + } + }); + + HttpServletRequest request = (HttpServletRequest) chain.getRequest(); + String id = request.getSession().getId(); + when(strategy.getRequestedSessionId(any(HttpServletRequest.class))).thenReturn(id); + + doFilter(new DoInFilter(){ + @Override + public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException { + } + }); + + verify(strategy,never()).onInvalidateSession(any(HttpServletRequest.class),any(HttpServletResponse.class)); + } + // --- order @Test