d5484e15ca5175e853c4dce0f8218d7583df82eb
If SessionRepositoryRequestWrapper.commitSession() is invoked twice when a new session is created, then CookieHttpSessionStrategy will add the same cookie twice. A couple examples of how this could happen: * The response is committed and SessionRepositoryResponseWrapper.onResponseCommitted() invokes SessionRepositoryRequestWrapper.commitSession(). Then the finally block in SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() again. * The new session is initialized and an Exception is thrown (i.e. gh-229). The SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() in the REQUEST dispatch. Then in the ERROR dispatch SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() invokes it again. This commit ensures if the same Session is passed into CookieHttpSessionStrategy multiple times within the same HttpServletRequest it is only written once by keeping track of the sessions on a request attribute. Fixes gh-251
= Spring Session Rob Winch Spring Session aims to provide a common infrastructure for managing sessions. This provides many benefits including: * Accessing a session from any environment (i.e. web, messaging infrastructure, etc) * In a web environment ** Support for clustering in a vendor neutral way ** Pluggable strategy for determining the session id ** Easily keep the HttpSession alive when a WebSocket is active = Spring Session Project Site You can find the documentation, issue management, support, samples, and guides for using Spring Session at http://projects.spring.io/spring-session/ = License Spring Session is Open Source software released under the http://www.apache.org/licenses/LICENSE-2.0.html[Apache 2.0 license].
Description
Languages
Java
100%