geode-issues mailing list archives

From "Dan Smith (JIRA)" <j...@apache.org>
Subject [jira] [Created] (GEODE-2136) session state module for generic application servers duplicates request cookies
Date Tue, 22 Nov 2016 18:30:58 GMT
Dan Smith created GEODE-2136:
--------------------------------

             Summary: session state module for generic application servers duplicates request cookies
                 Key: GEODE-2136
                 URL: https://issues.apache.org/jira/browse/GEODE-2136
             Project: Geode
          Issue Type: Bug
          Components: http session
            Reporter: Dan Smith


The session state module for generic application servers duplicates cookies from the request to the
response. This can lead to issues with user applications if the application tries to modify
a cookie.

Below is the offending code:

{code}
    private void addSessionCookie(HttpServletResponse response) {
      // Don't bother if the response is already committed
      if (response.isCommitted()) {
        return;
      }

      // Get the existing cookies
      Cookie[] cookies = getCookies();

      Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
      cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
      // Clear out all old cookies and just set ours
      response.addCookie(cookie);

      // Replace all other cookies which aren't JSESSIONIDs
      if (cookies != null) {
        for (Cookie c : cookies) {
          if (manager.getSessionCookieName().equals(c.getName())) {
            continue;
          }
          response.addCookie(c);
        }
      }

    }
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
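
The effect described in the report above, as an added example that is not part of the original message or Geode's own code: a plain-JDK model (Java 16 or later) in which the session cookie name JSESSIONID, the sample cookie values and the `sessionOnly` correction are all assumptions. It shows that echoing request cookies yields two Set-Cookie headers for a cookie the application also sets, and that the echoed copy carries no attributes, because a request's Cookie header holds only name=value pairs.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration using only the JDK; it models response cookies as data
// and does not use the servlet API or any Geode class.
public class CookieEchoDemo {
  static final String SESSION_COOKIE = "JSESSIONID"; // assumed session cookie name

  record Cookie(String name, String value, String attrs) {
    String header() { return "Set-Cookie: " + name + "=" + value + attrs; }
  }

  // Behaviour described in the report: session cookie plus every other request cookie.
  static List<Cookie> echoing(List<Cookie> request, String sessionId) {
    List<Cookie> out = new ArrayList<>();
    out.add(new Cookie(SESSION_COOKIE, sessionId, "; Path=/"));
    for (Cookie c : request) {
      // Request cookies have no Path, Secure, HttpOnly or Max-Age to replay.
      if (!SESSION_COOKIE.equals(c.name())) out.add(c);
    }
    return out;
  }

  // Assumed correction (hypothetical, not the project's fix): session cookie only.
  static List<Cookie> sessionOnly(String sessionId) {
    return new ArrayList<>(List.of(new Cookie(SESSION_COOKIE, sessionId, "; Path=/")));
  }

  // Names that appear in more than one Set-Cookie header of a response.
  static List<String> conflicts(List<Cookie> response) {
    List<String> seen = new ArrayList<>(), dup = new ArrayList<>();
    for (Cookie c : response) {
      if (seen.contains(c.name()) && !dup.contains(c.name())) dup.add(c.name());
      seen.add(c.name());
    }
    return dup;
  }

  public static void main(String[] args) {
    // Constructed sample: cookies the browser sent, and the cookie the application sets.
    List<Cookie> request = List.of(new Cookie("JSESSIONID", "old", ""), new Cookie("pref", "light", ""));
    Cookie appCookie = new Cookie("pref", "dark", "; Path=/app; Secure; HttpOnly");
    for (List<Cookie> response : List.of(echoing(request, "abc123"), sessionOnly("abc123"))) {
      response.add(appCookie);
      response.forEach(c -> System.out.println(c.header()));
      System.out.println("conflicting names: " + conflicts(response) + "\n");
    }
  }
}
```

In the echoing case the response carries both `pref=light` with no attributes and the application's `pref=dark; Path=/app; Secure; HttpOnly`, so the browser ends up holding an unflagged copy alongside the one the application intended.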
