HttpServletRequest.changeSessionId() impacts previous references
Previously, if a user had a reference to an existing HttpSession and changed the session id, it would not work. For example: HttpSession s = request.getSession(); request.changeSessionId(); s.setAttribute(...); This commit fixes holding on to a reference of an HttpSession when the session id is changed. Fixes gh-227
This commit is contained in:
@@ -472,7 +472,13 @@ public class SessionRepositoryFilterTests {
|
||||
doFilter(new DoInFilter() {
|
||||
@Override
|
||||
public void doFilter(HttpServletRequest wrappedRequest) {
|
||||
ReflectionTestUtils.invokeMethod(wrappedRequest, "changeSessionId");
|
||||
HttpSession originalSession = wrappedRequest.getSession();
|
||||
assertThat(originalSession.getId()).isEqualTo(originalSessionId);
|
||||
|
||||
String changeSessionId = ReflectionTestUtils.invokeMethod(wrappedRequest, "changeSessionId");
|
||||
assertThat(changeSessionId).isNotEqualTo(originalSessionId);
|
||||
// gh-227
|
||||
assertThat(originalSession.getId()).isEqualTo(changeSessionId);
|
||||
}
|
||||
});
|
||||
|
||||
|
||||
Reference in New Issue
Block a user