You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@geode.apache.org by "Dan Smith (JIRA)" <ji...@apache.org> on 2016/11/22 19:43:58 UTC
[jira] [Resolved] (GEODE-2136) session state module for generic
application servers duplicates request cookies
[ https://issues.apache.org/jira/browse/GEODE-2136?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Dan Smith resolved GEODE-2136.
------------------------------
Resolution: Fixed
Fix Version/s: 1.1.0-incubating
> session state module for generic application servers duplicates request cookies
> -------------------------------------------------------------------------------
>
> Key: GEODE-2136
> URL: https://issues.apache.org/jira/browse/GEODE-2136
> Project: Geode
> Issue Type: Bug
> Components: http session
> Reporter: Dan Smith
> Assignee: Dan Smith
> Fix For: 1.1.0-incubating
>
>
> The session state module for generic application servers duplicates from the request to the response. This can lead to issues with user applications if the application tries to modify a cookie.
> Below is the offending code
> {code}
> private void addSessionCookie(HttpServletResponse response) {
> // Don't bother if the response is already committed
> if (response.isCommitted()) {
> return;
> }
> // Get the existing cookies
> Cookie[] cookies = getCookies();
> Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
> cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
> // Clear out all old cookies and just set ours
> response.addCookie(cookie);
> // Replace all other cookies which aren't JSESSIONIDs
> if (cookies != null) {
> for (Cookie c : cookies) {
> if (manager.getSessionCookieName().equals(c.getName())) {
> continue;
> }
> response.addCookie(c);
> }
> }
> }
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)