SessionRepositoryFilter caches null session lookup

If a session cannot be found by id, we will cache that result for any
subsequent calls to getSession(false) for the duration of this request.

Fixes gh-423
This commit is contained in:
Øyvind Horneland
2016-03-14 15:08:19 +01:00
committed by Rob Winch
parent 4f7728f5b5
commit 831d2f4152
2 changed files with 42 additions and 1 deletions

View File

@@ -64,6 +64,7 @@ import static org.mockito.Mockito.reset;
import static org.mockito.Mockito.spy;
import static org.mockito.Mockito.verify;
import static org.mockito.Mockito.verifyZeroInteractions;
import static org.mockito.internal.verification.VerificationModeFactory.times;
@RunWith(MockitoJUnitRunner.class)
@SuppressWarnings("deprecation")
@@ -1341,6 +1342,35 @@ public class SessionRepositoryFilterTests {
this.filter.setHttpSessionStrategy((MultiHttpSessionStrategy) null);
}
@Test
public void getSessionFalseWithInvalidSessionIdShouldOnlyAskRepositoryOnce() throws ServletException, IOException {
this.sessionRepository = spy(this.sessionRepository);
this.filter = new SessionRepositoryFilter<ExpiringSession>(this.sessionRepository);
final String nonExistantSessionId = "nonExistantSessionId";
setSessionCookie(nonExistantSessionId);
doFilter(new DoInFilter() {
@Override
public void doFilter(HttpServletRequest wrappedRequest) {
// Before first invocation
assertThat(SessionRepositoryFilterTests.this.request.getAttribute(SessionRepositoryFilter.INVALID_SESSION_ID_ATTR)).isNull();
// First call should go all the way through to the sessioRepository (it will not find the session)
HttpSession session = wrappedRequest.getSession(false);
verify(sessionRepository, times(1)).getSession(nonExistantSessionId);
assertThat(session).isNull();
assertThat(SessionRepositoryFilterTests.this.request.getAttribute(SessionRepositoryFilter.INVALID_SESSION_ID_ATTR)).isNotNull();
// Second call should not reach the sessionRepository
session = wrappedRequest.getSession(false);
verify(sessionRepository, times(1)).getSession(nonExistantSessionId); // still only called once
assertThat(session).isNull();
assertThat(SessionRepositoryFilterTests.this.request.getAttribute(SessionRepositoryFilter.INVALID_SESSION_ID_ATTR)).isNotNull();
}
});
}
// --- helper methods
private void assertNewSession() {