You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
If SessionRepositoryRequestWrapper.commitSession() is invoked twice when a new session is created, then CookieHttpSessionStrategy will add the same cookie twice. A couple examples of how this could happen:
The response is committed and SessionRepositoryResponseWrapper.onResponseCommitted() invokes SessionRepositoryRequestWrapper.commitSession(). Then the finally block in SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() again.
The new session is initialized and an Exception is thrown (i.e. ERROR dispatch can cause two sessions to be created #229). The SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() in the REQUEST dispatch. Then in the ERROR dispatch SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() invokes it again.
The text was updated successfully, but these errors were encountered:
rwinch
changed the title
CookieHttpSessionStrategy can write the same Cookie twice
CookieHttpSessionStrategy can write the same Session id twice
Jul 28, 2015
If
SessionRepositoryRequestWrapper.commitSession()
is invoked twice when a new session is created, thenCookieHttpSessionStrategy
will add the same cookie twice. A couple examples of how this could happen:SessionRepositoryResponseWrapper.onResponseCommitted()
invokesSessionRepositoryRequestWrapper.commitSession()
. Then the finally block inSessionRepositoryFilter
invokesSessionRepositoryRequestWrapper.commitSession()
again.SessionRepositoryFilter
invokesSessionRepositoryRequestWrapper.commitSession()
in the REQUEST dispatch. Then in the ERROR dispatchSessionRepositoryFilter
invokesSessionRepositoryRequestWrapper.commitSession()
invokes it again.The text was updated successfully, but these errors were encountered: