From lhazlew...@apache.org
Subject svn commit: r1365297 - in /shiro/branches/1.2.x/web/src: main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java test/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManagerTest.java
Date Tue, 24 Jul 2012 21:25:02 GMT
Author: lhazlewood
Date: Tue Jul 24 21:25:02 2012
New Revision: 1365297

URL: http://svn.apache.org/viewvc?rev=1365297&view=rev
Log:
SHIRO-374: session id name sanity checking

Modified:
    shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
    shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManagerTest.java

Modified: shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java?rev=1365297&r1=1365296&r2=1365297&view=diff
==============================================================================
--- shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
(original)
+++ shiro/branches/1.2.x/web/src/main/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManager.java
Tue Jul 24 21:25:02 2012
@@ -25,6 +25,7 @@ import org.apache.shiro.session.mgt.Defa
 import org.apache.shiro.session.mgt.DelegatingSession;
 import org.apache.shiro.session.mgt.SessionContext;
 import org.apache.shiro.session.mgt.SessionKey;
+import org.apache.shiro.util.StringUtils;
 import org.apache.shiro.web.servlet.Cookie;
 import org.apache.shiro.web.servlet.ShiroHttpServletRequest;
 import org.apache.shiro.web.servlet.ShiroHttpSession;
@@ -115,10 +116,11 @@ public class DefaultWebSessionManager ex
                     ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
         } else {
             //not in a cookie, or cookie is disabled - try the request params as a fallback
(i.e. URL rewriting):
-            id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
+            String name = getSessionIdName();
+            id = request.getParameter(name);
             if (id == null) {
                 //try lowercase:
-                id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase());
+                id = request.getParameter(name.toLowerCase());
             }
             if (id != null) {
                 request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
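Review bot: The lowercase fallback `name.toLowerCase()` uses the JVM's default locale, so under a locale such as Turkish an `I` in the configured name lowercases to a dotless character and the fallback lookup silently never matches. Now that the name comes from the configurable cookie rather than a constant, a fixed locale would be safer: `id = request.getParameter(name.toLowerCase(Locale.ENGLISH));` (needs `java.util.Locale` imported). A comment is also worth adding here that this branch accepts a session id from a request parameter under whatever name the cookie is configured with, since ids carried in URLs can end up in logs and Referer headers. The enclosing method starts and ends outside this hunk.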
@@ -134,6 +136,15 @@ public class DefaultWebSessionManager ex
         return id;
     }
 
+    //since 1.2.1
+    private String getSessionIdName() {
+        String name = this.sessionIdCookie != null ? this.sessionIdCookie.getName() : null;
+        if (name == null) {
+            name = ShiroHttpSession.DEFAULT_SESSION_ID_NAME;
+        }
+        return name;
+    }
+
     protected Session createExposedSession(Session session, SessionContext context) {
         if (!WebUtils.isWeb(context)) {
             return super.createExposedSession(session, context);
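Review bot: `getSessionIdName()` falls back to the default only when the cookie name is `null`, so an empty or whitespace-only name would be passed straight to `request.getParameter(...)`; given that the log message speaks of sanity checking, that case seems to be the one to reject. The `StringUtils` import added in the first hunk is not used by any added line in this diff, which suggests the intended check was `if (!StringUtils.hasText(name)) {` in place of `if (name == null) {`. The `//since 1.2.1` line would read better as a short Javadoc stating that the name is taken from the session id cookie and defaults to `ShiroHttpSession.DEFAULT_SESSION_ID_NAME`, with an `@since 1.2.1` tag. `createExposedSession` continues outside the hunk.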

Modified: shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManagerTest.java
URL: http://svn.apache.org/viewvc/shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManagerTest.java?rev=1365297&r1=1365296&r2=1365297&view=diff
==============================================================================
--- shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManagerTest.java
(original)
+++ shiro/branches/1.2.x/web/src/test/java/org/apache/shiro/web/session/mgt/DefaultWebSessionManagerTest.java
Tue Jul 24 21:25:02 2012
@@ -147,6 +147,7 @@ public class DefaultWebSessionManagerTes
 
         String id = "12345";
 
+        expect(cookie.getName()).andReturn(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
         expect(request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME)).andReturn(id);
         request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                 ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);
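Review bot: Both added expectations (here and in the hunk at -180) stub `cookie.getName()` to return `ShiroHttpSession.DEFAULT_SESSION_ID_NAME`, so the tests still exercise only the default parameter name and not the behaviour this commit introduces. A case with a constructed cookie name, e.g. `expect(cookie.getName()).andReturn("sid");` followed by `expect(request.getParameter("sid")).andReturn(id);`, would pin that the configured name is actually used, and a case returning `null` from `getName()` would cover the fallback to the default. The test methods start and end outside these hunks.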
@@ -180,6 +181,7 @@ public class DefaultWebSessionManagerTes
 
         String id = "12345";
 
+        expect(cookie.getName()).andReturn(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
         expect(request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME)).andReturn(null);
         expect(request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase())).andReturn(id);
         request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,


