Posted to issues@geode.apache.org by "Dan Smith (JIRA)" <ji...@apache.org> on 2016/11/22 18:30:58 UTC
[jira] [Created] (GEODE-2136) session state module for generic
application servers duplicates request cookies
Dan Smith created GEODE-2136:
--------------------------------
Summary: session state module for generic application servers duplicates request cookies
Key: GEODE-2136
URL: https://issues.apache.org/jira/browse/GEODE-2136
Project: Geode
Issue Type: Bug
Components: http session
Reporter: Dan Smith
The session state module for generic application servers duplicates cookies from the request to the response. This can lead to issues with user applications if the application tries to modify a cookie.
Below is the offending code:
{code}
private void addSessionCookie(HttpServletResponse response) {
  // Don't bother if the response is already committed
  if (response.isCommitted()) {
    return;
  }

  // Get the existing cookies
  Cookie[] cookies = getCookies();

  Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
  cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
  // Clear out all old cookies and just set ours
  response.addCookie(cookie);

  // Replace all other cookies which aren't JSESSIONIDs
  if (cookies != null) {
    for (Cookie c : cookies) {
      if (manager.getSessionCookieName().equals(c.getName())) {
        continue;
      }
      response.addCookie(c);
    }
  }
}
{code}
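The effect of the loop in addSessionCookie on the response, as an added example that is not Geode code: Set-Cookie headers are modelled as plain strings so it runs on a bare JDK, and `duplicatedNames` is a hypothetical helper a test could use to flag a cookie name set more than once. The cookie names and values are constructed, and the example assumes the application sets its cookie before addSessionCookie runs.

```java
import java.util.*;

// Added example: a JDK-only model of the response, not the module's own code.
public class DuplicateSetCookieCheck {

    // Returns every cookie name that appears in more than one Set-Cookie header,
    // mapped to its values in the order they were added to the response.
    static Map<String, List<String>> duplicatedNames(List<String> setCookieHeaders) {
        Map<String, List<String>> byName = new LinkedHashMap<>();
        for (String header : setCookieHeaders) {
            String pair = header.split(";", 2)[0].trim();   // "name=value" precedes the attributes
            int eq = pair.indexOf('=');
            if (eq <= 0) continue;                           // not a well-formed cookie pair
            byName.computeIfAbsent(pair.substring(0, eq), k -> new ArrayList<>())
                  .add(pair.substring(eq + 1));
        }
        byName.values().removeIf(values -> values.size() < 2);
        return byName;
    }

    public static void main(String[] args) {
        // Constructed sample: cookies the browser sent with the request (name and value only).
        Map<String, String> requestCookies = new LinkedHashMap<>();
        requestCookies.put("JSESSIONID", "old-session-id");
        requestCookies.put("theme", "dark");
        requestCookies.put("lang", "en");

        List<String> response = new ArrayList<>();
        // The application changes one cookie (assumed to happen first).
        response.add("theme=light; Path=/; HttpOnly");
        // What addSessionCookie() then does: set the session cookie, then copy
        // every other request cookie into the response.
        response.add("JSESSIONID=new-session-id; Path=/");
        for (Map.Entry<String, String> c : requestCookies.entrySet()) {
            if (!c.getKey().equals("JSESSIONID")) {
                response.add(c.getKey() + "=" + c.getValue());
            }
        }

        response.forEach(h -> System.out.println("Set-Cookie: " + h));
        System.out.println("Set more than once: " + duplicatedNames(response));
    }
}
```

The copied `theme` header carries the stale request value and none of the attributes the application set, and `lang` is re-sent even though the application never touched it.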