From 2edeb9e4984b375bcbf755d887e83b154bbe4d1b Mon Sep 17 00:00:00 2001 From: Rob Winch Date: Thu, 26 Jun 2014 16:25:45 -0500 Subject: [PATCH] Set cookie path and find cookie based on that path. --- .../session/web/CookieHttpSessionStrategy.java | 17 +++++++++++++---- .../web/CookieHttpSessionStrategyTests.java | 18 ++++++++++++++++++ 2 files changed, 31 insertions(+), 4 deletions(-) diff --git a/src/main/java/org/springframework/session/web/CookieHttpSessionStrategy.java b/src/main/java/org/springframework/session/web/CookieHttpSessionStrategy.java index 63b70152..eee7be8d 100644 --- a/src/main/java/org/springframework/session/web/CookieHttpSessionStrategy.java +++ b/src/main/java/org/springframework/session/web/CookieHttpSessionStrategy.java @@ -66,8 +66,9 @@ public final class CookieHttpSessionStrategy implements HttpSessionStrategy { Cookie cookie = new Cookie(cookieName, session.getId()); cookie.setHttpOnly(true); cookie.setSecure(request.isSecure()); + cookie.setPath(cookiePath(request)); response.addCookie(cookie); - // TODO set the path? + // TODO set the domain? } @@ -77,6 +78,7 @@ public final class CookieHttpSessionStrategy implements HttpSessionStrategy { sessionCookie.setMaxAge(0); sessionCookie.setHttpOnly(true); sessionCookie.setSecure(request.isSecure()); + sessionCookie.setPath(cookiePath(request)); response.addCookie(sessionCookie); } @@ -97,16 +99,23 @@ public final class CookieHttpSessionStrategy implements HttpSessionStrategy { * @return the first cookie with the given name, or {@code null} if none is found */ private static Cookie getCookie(HttpServletRequest request, String name) { - // TODO what if there are multiple by the same name w/ different path Assert.notNull(request, "Request must not be null"); Cookie cookies[] = request.getCookies(); + Cookie result = null; if (cookies != null) { for (Cookie cookie : cookies) { if (name.equals(cookie.getName())) { - return cookie; + if(cookiePath(request).equals(cookie.getPath())) { + return cookie; + } + result = cookie; } } } - return null; + return result; + } + + private static String cookiePath(HttpServletRequest request) { + return request.getContextPath() + "/"; } } \ No newline at end of file diff --git a/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java b/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java index d3fe3da2..c318242e 100644 --- a/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java +++ b/src/test/java/org/springframework/session/web/CookieHttpSessionStrategyTests.java @@ -52,6 +52,15 @@ public class CookieHttpSessionStrategyTests { assertThat(getSessionId()).isEqualTo(session.getId()); } + @Test + public void onNewSessionCookiePath() throws Exception { + request.setContextPath("/somethingunique"); + strategy.onNewSession(session, request, response); + + Cookie sessionCookie = response.getCookie(cookieName); + assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/"); + } + @Test public void onNewSessionCustomCookieName() throws Exception { setCookieName("CUSTOM"); @@ -65,6 +74,15 @@ public class CookieHttpSessionStrategyTests { assertThat(getSessionId()).isEmpty(); } + @Test + public void onDeleteSessionCookiePath() throws Exception { + request.setContextPath("/somethingunique"); + strategy.onInvalidateSession(request, response); + + Cookie sessionCookie = response.getCookie(cookieName); + assertThat(sessionCookie.getPath()).isEqualTo(request.getContextPath() + "/"); + } + @Test public void onDeleteSessionCustomCookieName() throws Exception { setCookieName("CUSTOM");