tchekai704
/
src-spring-framework
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity
Browse Source

Set maxAge correctly when expiring WebSession 

Closes gh-31214
6.0.x
rstoyanchev 1 year ago
parent
5df6e8825d
commit
5c012bbb0c
2 changed files with 14 additions and 5 deletions
Whitespace
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Split View
Diff Options
Show Stats Download Patch File Download Diff File
  1. 10
      spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java
  2. 9
      spring-web/src/test/java/org/springframework/web/server/session/CookieWebSessionIdResolverTests.java

10
spring-web/src/main/java/org/springframework/web/server/session/CookieWebSessionIdResolver.java
Unescape View File

@ -105,20 +105,20 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver { @@ -105,20 +105,20 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
@Override
public void setSessionId(ServerWebExchange exchange, String id) {
Assert.notNull(id, "'id' is required");
ResponseCookie cookie = initSessionCookie(exchange, id, getCookieMaxAge());
ResponseCookie cookie = initCookie(exchange, id).build();
exchange.getResponse().getCookies().set(this.cookieName, cookie);
}
@Override
public void expireSession(ServerWebExchange exchange) {
ResponseCookie cookie = initSessionCookie(exchange, "", Duration.ZERO);
ResponseCookie cookie = initCookie(exchange, "").maxAge(0).build();
exchange.getResponse().getCookies().set(this.cookieName, cookie);
}
private ResponseCookie initSessionCookie(ServerWebExchange exchange, String id, Duration maxAge) {
private ResponseCookie.ResponseCookieBuilder initCookie(ServerWebExchange exchange, String id) {
ResponseCookie.ResponseCookieBuilder builder = ResponseCookie.from(this.cookieName, id)
.path(exchange.getRequest().getPath().contextPath().value() + "/")
.maxAge(maxAge)
.maxAge(getCookieMaxAge())
.httpOnly(true)
.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()))
.sameSite("Lax");
@ -127,7 +127,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver { @@ -127,7 +127,7 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver {
this.initializer.accept(builder);
}
return builder.build();
return builder;
}
}

9
spring-web/src/test/java/org/springframework/web/server/session/CookieWebSessionIdResolverTests.java
Unescape View File

@ -54,6 +54,15 @@ public class CookieWebSessionIdResolverTests { @@ -54,6 +54,15 @@ public class CookieWebSessionIdResolverTests {
assertCookieValue("SESSION=123; Path=/; Domain=example.org; HttpOnly; SameSite=Strict");
}
@Test
public void expireSessionWhenMaxAgeSetViaInitializer() {
this.resolver.addCookieInitializer(builder -> builder.maxAge(600));
this.resolver.expireSession(this.exchange);
assertCookieValue("SESSION=; Path=/; Max-Age=0; " +
"Expires=Thu, 01 Jan 1970 00:00:00 GMT; Secure; HttpOnly; SameSite=Lax");
}
private void assertCookieValue(String expected) {
MultiValueMap<String, ResponseCookie> cookies = this.exchange.getResponse().getCookies();
assertThat(cookies).hasSize(1);

Write Preview
Loading…
Cancel
Save