Add support for multiple sessions in a browser
Fixes gh-49
This commit is contained in:
@@ -13,99 +13,238 @@ import org.springframework.session.web.http.CookieHttpSessionStrategy;
|
||||
import javax.servlet.http.Cookie;
|
||||
|
||||
public class CookieHttpSessionStrategyTests {
|
||||
private MockHttpServletRequest request;
|
||||
private MockHttpServletResponse response;
|
||||
private MockHttpServletRequest request;
|
||||
private MockHttpServletResponse response;
|
||||
|
||||
private CookieHttpSessionStrategy strategy;
|
||||
private String cookieName;
|
||||
private Session session;
|
||||
private CookieHttpSessionStrategy strategy;
|
||||
private String cookieName;
|
||||
private Session session;
|
||||
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
cookieName = "SESSION";
|
||||
session = new MapSession();
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
strategy = new CookieHttpSessionStrategy();
|
||||
}
|
||||
@Before
|
||||
public void setup() throws Exception {
|
||||
cookieName = "SESSION";
|
||||
session = new MapSession();
|
||||
request = new MockHttpServletRequest();
|
||||
response = new MockHttpServletResponse();
|
||||
strategy = new CookieHttpSessionStrategy();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRequestedSessionIdNull() throws Exception {
|
||||
assertThat(strategy.getRequestedSessionId(request)).isNull();
|
||||
}
|
||||
@Test
|
||||
public void getRequestedSessionIdNull() throws Exception {
|
||||
assertThat(strategy.getRequestedSessionId(request)).isNull();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRequestedSessionIdNotNull() throws Exception {
|
||||
setSessionId(session.getId());
|
||||
assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
|
||||
}
|
||||
@Test
|
||||
public void getRequestedSessionIdNotNull() throws Exception {
|
||||
setSessionId(session.getId());
|
||||
assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getRequestedSessionIdNotNullCustomCookieName() throws Exception {
|
||||
setCookieName("CUSTOM");
|
||||
setSessionId(session.getId());
|
||||
assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
|
||||
}
|
||||
@Test
|
||||
public void getRequestedSessionIdNotNullCustomCookieName() throws Exception {
|
||||
setCookieName("CUSTOM");
|
||||
setSessionId(session.getId());
|
||||
assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onNewSession() throws Exception {
|
||||
strategy.onNewSession(session, request, response);
|
||||
assertThat(getSessionId()).isEqualTo(session.getId());
|
||||
}
|
||||
@Test
|
||||
public void onNewSession() throws Exception {
|
||||
strategy.onNewSession(session, request, response);
|
||||
assertThat(getSessionId()).isEqualTo(session.getId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onNewSessionCookiePath() throws Exception {
|
||||
request.setContextPath("/somethingunique");
|
||||
strategy.onNewSession(session, request, response);
|
||||
@Test
|
||||
public void onNewSessionExistingSessionSameAlias() throws Exception {
|
||||
Session existing = new MapSession();
|
||||
setSessionId(existing.getId());
|
||||
strategy.onNewSession(session, request, response);
|
||||
assertThat(getSessionId()).isEqualTo(session.getId());
|
||||
}
|
||||
|
||||
Cookie sessionCookie = response.getCookie(cookieName);
|
||||
assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/");
|
||||
}
|
||||
@Test
|
||||
public void onNewSessionExistingSessionNewAlias() throws Exception {
|
||||
Session existing = new MapSession();
|
||||
setSessionId(existing.getId());
|
||||
request.setParameter(CookieHttpSessionStrategy.DEFAULT_SESSION_ALIAS_PARAM_NAME, "new");
|
||||
strategy.onNewSession(session, request, response);
|
||||
assertThat(getSessionId()).isEqualTo("0 " + existing.getId() + " new " + session.getId());
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onNewSessionCustomCookieName() throws Exception {
|
||||
setCookieName("CUSTOM");
|
||||
strategy.onNewSession(session, request, response);
|
||||
assertThat(getSessionId()).isEqualTo(session.getId());
|
||||
}
|
||||
@Test
|
||||
public void onNewSessionCookiePath() throws Exception {
|
||||
request.setContextPath("/somethingunique");
|
||||
strategy.onNewSession(session, request, response);
|
||||
|
||||
@Test
|
||||
public void onDeleteSession() throws Exception {
|
||||
strategy.onInvalidateSession(request, response);
|
||||
assertThat(getSessionId()).isEmpty();
|
||||
}
|
||||
Cookie sessionCookie = response.getCookie(cookieName);
|
||||
assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onDeleteSessionCookiePath() throws Exception {
|
||||
request.setContextPath("/somethingunique");
|
||||
strategy.onInvalidateSession(request, response);
|
||||
@Test
|
||||
public void onNewSessionCustomCookieName() throws Exception {
|
||||
setCookieName("CUSTOM");
|
||||
strategy.onNewSession(session, request, response);
|
||||
assertThat(getSessionId()).isEqualTo(session.getId());
|
||||
}
|
||||
|
||||
Cookie sessionCookie = response.getCookie(cookieName);
|
||||
assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/");
|
||||
}
|
||||
@Test
|
||||
public void onDeleteSession() throws Exception {
|
||||
strategy.onInvalidateSession(request, response);
|
||||
assertThat(getSessionId()).isEmpty();
|
||||
}
|
||||
|
||||
@Test
|
||||
public void onDeleteSessionCustomCookieName() throws Exception {
|
||||
setCookieName("CUSTOM");
|
||||
strategy.onInvalidateSession(request, response);
|
||||
assertThat(getSessionId()).isEmpty();
|
||||
}
|
||||
@Test
|
||||
public void onDeleteSessionCookiePath() throws Exception {
|
||||
request.setContextPath("/somethingunique");
|
||||
strategy.onInvalidateSession(request, response);
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void setCookieNameNull() throws Exception {
|
||||
strategy.setCookieName(null);
|
||||
}
|
||||
Cookie sessionCookie = response.getCookie(cookieName);
|
||||
assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/");
|
||||
}
|
||||
|
||||
public void setCookieName(String cookieName) {
|
||||
strategy.setCookieName(cookieName);
|
||||
this.cookieName = cookieName;
|
||||
}
|
||||
@Test
|
||||
public void onDeleteSessionCustomCookieName() throws Exception {
|
||||
setCookieName("CUSTOM");
|
||||
strategy.onInvalidateSession(request, response);
|
||||
assertThat(getSessionId()).isEmpty();
|
||||
}
|
||||
|
||||
public void setSessionId(String id) {
|
||||
request.setCookies(new Cookie(cookieName, id));
|
||||
}
|
||||
@Test
|
||||
public void onDeleteSessionExistingSessionSameAlias() throws Exception {
|
||||
Session existing = new MapSession();
|
||||
setSessionId("0 " + existing.getId() + " new " + session.getId());
|
||||
strategy.onInvalidateSession(request, response);
|
||||
assertThat(getSessionId()).isEqualTo(session.getId());
|
||||
}
|
||||
|
||||
public String getSessionId() {
|
||||
return response.getCookie(cookieName).getValue();
|
||||
}
|
||||
@Test
|
||||
public void onDeleteSessionExistingSessionNewAlias() throws Exception {
|
||||
Session existing = new MapSession();
|
||||
setSessionId("0 " + existing.getId() + " new " + session.getId());
|
||||
request.setParameter(CookieHttpSessionStrategy.DEFAULT_SESSION_ALIAS_PARAM_NAME, "new");
|
||||
strategy.onInvalidateSession(request, response);
|
||||
assertThat(getSessionId()).isEqualTo(existing.getId());
|
||||
}
|
||||
|
||||
@Test(expected = IllegalArgumentException.class)
|
||||
public void setCookieNameNull() throws Exception {
|
||||
strategy.setCookieName(null);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLNoExistingQuery() {
|
||||
assertThat(strategy.encodeURL("/url", "2")).isEqualTo("/url?u=2");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLNoExistingQueryEmpty() {
|
||||
assertThat(strategy.encodeURL("/url?", "2")).isEqualTo("/url?u=2");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryNoAlias() {
|
||||
assertThat(strategy.encodeURL("/url?a=b", "2")).isEqualTo("/url?a=b&u=2");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryExistingAliasStart() {
|
||||
assertThat(strategy.encodeURL("/url?u=1&y=z", "2")).isEqualTo("/url?u=2&y=z");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryExistingAliasMiddle() {
|
||||
assertThat(strategy.encodeURL("/url?a=b&u=1&y=z", "2")).isEqualTo("/url?a=b&u=2&y=z");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryExistingAliasEnd() {
|
||||
assertThat(strategy.encodeURL("/url?a=b&u=1", "2")).isEqualTo("/url?a=b&u=2");
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryParamEndsWithActualParamStart() {
|
||||
assertThat(strategy.encodeURL("/url?xu=1&y=z", "2")).isEqualTo("/url?xu=1&y=z&u=2");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryParamEndsWithActualParamMiddle() {
|
||||
assertThat(strategy.encodeURL("/url?a=b&xu=1&y=z", "2")).isEqualTo("/url?a=b&xu=1&y=z&u=2");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryParamEndsWithActualParamEnd() {
|
||||
assertThat(strategy.encodeURL("/url?a=b&xu=1", "2")).isEqualTo("/url?a=b&xu=1&u=2");
|
||||
}
|
||||
|
||||
//
|
||||
|
||||
@Test
|
||||
public void encodeURLNoExistingQueryDefaultAlias() {
|
||||
assertThat(strategy.encodeURL("/url", "0")).isEqualTo("/url");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLNoExistingQueryEmptyDefaultAlias() {
|
||||
assertThat(strategy.encodeURL("/url?", "0")).isEqualTo("/url?");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryNoAliasDefaultAlias() {
|
||||
assertThat(strategy.encodeURL("/url?a=b", "0")).isEqualTo("/url?a=b");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryExistingAliasStartDefaultAlias() {
|
||||
// relaxed constraint as result /url?&y=z does not hurt anything (ideally should remove the &)
|
||||
assertThat(strategy.encodeURL("/url?u=1&y=z", "0")).doesNotContain("u=0&u=1");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryExistingAliasMiddleDefaultAlias() {
|
||||
assertThat(strategy.encodeURL("/url?a=b&u=1&y=z", "0")).isEqualTo("/url?a=b&y=z");
|
||||
}
|
||||
|
||||
@Test
|
||||
public void encodeURLExistingQueryExistingAliasEndDefaultAlias() {
|
||||
assertThat(strategy.encodeURL("/url?a=b&u=1", "0")).isEqualTo("/url?a=b");
|
||||
}
|
||||
|
||||
// --- getCurrentSessionAlias
|
||||
|
||||
@Test
|
||||
public void getCurrentSessionAliasNull() {
|
||||
assertThat(strategy.getCurrentSessionAlias(request)).isEqualTo(CookieHttpSessionStrategy.DEFAULT_ALIAS);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getCurrentSessionAliasNullParamName() {
|
||||
strategy.setSessionAliasParamName(null);
|
||||
request.setParameter(CookieHttpSessionStrategy.DEFAULT_SESSION_ALIAS_PARAM_NAME, "NOT USED");
|
||||
|
||||
assertThat(strategy.getCurrentSessionAlias(request)).isEqualTo(CookieHttpSessionStrategy.DEFAULT_ALIAS);
|
||||
}
|
||||
|
||||
@Test
|
||||
public void getCurrentSession() {
|
||||
String expectedAlias = "1";
|
||||
request.setParameter(CookieHttpSessionStrategy.DEFAULT_SESSION_ALIAS_PARAM_NAME, expectedAlias);
|
||||
assertThat(strategy.getCurrentSessionAlias(request)).isEqualTo(expectedAlias);
|
||||
}
|
||||
|
||||
|
||||
// --- helper
|
||||
|
||||
public void setCookieName(String cookieName) {
|
||||
strategy.setCookieName(cookieName);
|
||||
this.cookieName = cookieName;
|
||||
}
|
||||
|
||||
public void setSessionId(String id) {
|
||||
request.setCookies(new Cookie(cookieName, id));
|
||||
}
|
||||
|
||||
public String getSessionId() {
|
||||
return response.getCookie(cookieName).getValue();
|
||||
}
|
||||
}
|
||||
@@ -2,6 +2,8 @@ package org.springframework.session.web.http;
|
||||
|
||||
import static org.fest.assertions.Assertions.assertThat;
|
||||
import static org.junit.Assert.fail;
|
||||
import static org.mockito.Matchers.*;
|
||||
import static org.mockito.Mockito.*;
|
||||
|
||||
import java.io.IOException;
|
||||
import java.util.Arrays;
|
||||
@@ -20,15 +22,23 @@ import javax.servlet.http.HttpSessionContext;
|
||||
|
||||
import org.junit.Before;
|
||||
import org.junit.Test;
|
||||
import org.junit.runner.RunWith;
|
||||
import org.mockito.Mock;
|
||||
import org.mockito.runners.MockitoJUnitRunner;
|
||||
import org.springframework.mock.web.MockFilterChain;
|
||||
import org.springframework.mock.web.MockHttpServletRequest;
|
||||
import org.springframework.mock.web.MockHttpServletResponse;
|
||||
import org.springframework.session.ExpiringSession;
|
||||
import org.springframework.session.MapSessionRepository;
|
||||
import org.springframework.session.Session;
|
||||
import org.springframework.session.SessionRepository;
|
||||
|
||||
@RunWith(MockitoJUnitRunner.class)
|
||||
@SuppressWarnings("deprecation")
|
||||
public class SessionRepositoryFilterTests<S extends ExpiringSession> {
|
||||
@Mock
|
||||
private HttpSessionStrategy strategy;
|
||||
|
||||
private SessionRepository<ExpiringSession> sessionRepository;
|
||||
|
||||
private SessionRepositoryFilter<ExpiringSession> filter;
|
||||
@@ -838,6 +848,72 @@ public class SessionRepositoryFilterTests<S extends ExpiringSession> {
|
||||
});
|
||||
}
|
||||
|
||||
// --- MultiHttpSessionStrategyAdapter
|
||||
|
||||
@Test
|
||||
public void doFilterAdapterGetRequestedSessionId() throws Exception {
|
||||
filter.setHttpSessionStrategy(strategy);
|
||||
final String expectedId = "MultiHttpSessionStrategyAdapter-requested-id";
|
||||
when(strategy.getRequestedSessionId(any(HttpServletRequest.class))).thenReturn(expectedId);
|
||||
|
||||
doFilter(new DoInFilter(){
|
||||
@Override
|
||||
public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException {
|
||||
String actualId = wrappedRequest.getRequestedSessionId();
|
||||
assertThat(actualId).isEqualTo(expectedId);
|
||||
}
|
||||
});
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterAdapterOnNewSession() throws Exception {
|
||||
filter.setHttpSessionStrategy(strategy);
|
||||
|
||||
doFilter(new DoInFilter(){
|
||||
@Override
|
||||
public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException {
|
||||
wrappedRequest.getSession();
|
||||
}
|
||||
});
|
||||
|
||||
HttpServletRequest request = (HttpServletRequest) chain.getRequest();
|
||||
Session session = sessionRepository.getSession(request.getSession().getId());
|
||||
verify(strategy).onNewSession(eq(session), any(HttpServletRequest.class),any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
@Test
|
||||
public void doFilterAdapterOnInvalidate() throws Exception {
|
||||
filter.setHttpSessionStrategy(strategy);
|
||||
|
||||
doFilter(new DoInFilter(){
|
||||
@Override
|
||||
public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException {
|
||||
wrappedRequest.getSession().getId();
|
||||
}
|
||||
});
|
||||
|
||||
HttpServletRequest request = (HttpServletRequest) chain.getRequest();
|
||||
String id = request.getSession().getId();
|
||||
when(strategy.getRequestedSessionId(any(HttpServletRequest.class))).thenReturn(id);
|
||||
|
||||
doFilter(new DoInFilter(){
|
||||
@Override
|
||||
public void doFilter(HttpServletRequest wrappedRequest, HttpServletResponse wrappedResponse) throws IOException {
|
||||
wrappedRequest.getSession().invalidate();
|
||||
}
|
||||
});
|
||||
|
||||
verify(strategy).onInvalidateSession(any(HttpServletRequest.class),any(HttpServletResponse.class));
|
||||
}
|
||||
|
||||
// --- order
|
||||
|
||||
public void order() {
|
||||
int expected = 5;
|
||||
filter.setOrder(expected);
|
||||
assertThat(filter.getOrder()).isEqualTo(expected);
|
||||
}
|
||||
|
||||
// --- helper methods
|
||||
|
||||
private void assertNewSession() {
|
||||
|
||||
Reference in New Issue
Block a user