Posted to issues@geode.apache.org by "Dan Smith (JIRA)" <ji...@apache.org> on 2016/11/22 18:30:58 UTC

[jira] [Created] (GEODE-2136) session state module for generic application servers duplicates request cookies

Dan Smith created GEODE-2136:
--------------------------------

             Summary: session state module for generic application servers duplicates request cookies
                 Key: GEODE-2136
                 URL: https://issues.apache.org/jira/browse/GEODE-2136
             Project: Geode
          Issue Type: Bug
          Components: http session
            Reporter: Dan Smith


The session state module for generic application servers duplicates cookies from the request to the response. This can lead to issues with user applications if the application tries to modify a cookie.

Below is the offending code:

{code}
    private void addSessionCookie(HttpServletResponse response) {
      // Don't bother if the response is already committed
      if (response.isCommitted()) {
        return;
      }

      // Get the existing cookies
      Cookie[] cookies = getCookies();

      Cookie cookie = new Cookie(manager.getSessionCookieName(), session.getId());
      cookie.setPath("".equals(getContextPath()) ? "/" : getContextPath());
      // Clear out all old cookies and just set ours
      response.addCookie(cookie);

      // Replace all other cookies which aren't JSESSIONIDs
      if (cookies != null) {
        for (Cookie c : cookies) {
          if (manager.getSessionCookieName().equals(c.getName())) {
            continue;
          }
          response.addCookie(c);
        }
      }

    }
{code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
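
Added example (not part of the original report and not Geode's code): a plain-Java check, run over a constructed request/response pair, that flags the two symptoms of the loop quoted above: a request cookie sent back as a bare Set-Cookie, and the same cookie name set more than once in one response. The class name, method names and sample header values are assumptions, as is the container writing an attribute-less cookie as bare name=value.

```java
import java.util.*;

// Added example: plain-Java model of the reported behaviour (no servlet API needed).
public class CookieEchoCheck {

  /** Cookie name of one Set-Cookie header value, e.g. "theme=dark; Secure" -> "theme". */
  static String nameOf(String setCookie) {
    return setCookie.split(";", 2)[0].split("=", 2)[0].trim();
  }

  /**
   * Findings for one request/response pair.
   * requestCookies: name -> value as parsed from the request's Cookie header.
   * setCookies: response Set-Cookie header values in the order they were emitted.
   */
  static List<String> findings(Map<String, String> requestCookies, List<String> setCookies,
                               String sessionCookieName) {
    List<String> out = new ArrayList<>();
    Map<String, Integer> seen = new LinkedHashMap<>();
    for (String sc : setCookies) {
      String name = nameOf(sc);
      seen.merge(name, 1, Integer::sum);
      if (name.equals(sessionCookieName)) continue; // the module's own cookie is expected
      // A bare "name=value" equal to what the client sent is an echo of the request cookie.
      String echoed = name + "=" + requestCookies.get(name);
      if (requestCookies.containsKey(name) && sc.trim().equals(echoed)) {
        out.add("ECHO " + name + ": request value re-sent without attributes");
      }
    }
    for (Map.Entry<String, Integer> e : seen.entrySet())
      if (e.getValue() > 1)
        out.add("DUPLICATE " + e.getKey() + ": " + e.getValue() + " Set-Cookie headers");
    return out;
  }

  public static void main(String[] args) {
    // Constructed sample: the client sent theme=light; the application changes it to dark.
    Map<String, String> req = new LinkedHashMap<>();
    req.put("JSESSIONID", "abc123");
    req.put("theme", "light");
    List<String> resp = Arrays.asList(
        "theme=dark; Path=/; Secure; HttpOnly",   // set by the application
        "JSESSIONID=abc123; Path=/",              // session cookie added by the module
        "theme=light");                           // request cookie copied by the loop
    findings(req, resp, "JSESSIONID").forEach(System.out::println);
  }
}
```

A request's Cookie header carries only names and values, so a cookie copied from it carries none of the Path, Secure or HttpOnly attributes the application may have set on its own copy.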