geode-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Dan Smith (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (GEODE-2136) session state module for generic application servers duplicates request cookies
Date Tue, 22 Nov 2016 19:43:58 GMT

     [ https://issues.apache.org/jira/browse/GEODE-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Dan Smith resolved GEODE-2136.
------------------------------
       Resolution: Fixed
    Fix Version/s: 1.1.0-incubating

> session state module for generic application servers duplicates request cookies
> -------------------------------------------------------------------------------
>
>                 Key: GEODE-2136
>                 URL: https://issues.apache.org/jira/browse/GEODE-2136
>             Project: Geode
>          Issue Type: Bug
>          Components: http session
>            Reporter: Dan Smith
>            Assignee: Dan Smith
>             Fix For: 1.1.0-incubating
>
>
> The session state module for generic application servers duplicates from the request
to the response. This can lead to issues with user applications if the application tries to
modify a cookie.
> Below is the offending code
> {code}
>     private void addSessionCookie(HttpServletResponse response) {
>       // Don't bother if the response is already committed
>       if (response.isCommitted()) {
>         return;
>       }
>       // Get the existing cookies
>       Cookie[] cookies = getCookies();
>       Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
>       cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
>       // Clear out all old cookies and just set ours
>       response.addCookie(cookie);
>       // Replace all other cookies which aren't JSESSIONIDs
>       if (cookies != null) {
>         for (Cookie c : cookies) {
>           if (manager.getSessionCookieName().equals(c.getName())) {
>             continue;
>           }
>           response.addCookie(c);
>         }
>       }
>     }
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Mime
View raw message