CookieHttpSessionStrategy can write the same Session id twice #251

rwinch · 2015-07-27T22:08:10Z

If SessionRepositoryRequestWrapper.commitSession() is invoked twice when a new session is created, then CookieHttpSessionStrategy will add the same cookie twice. A couple examples of how this could happen:

The response is committed and SessionRepositoryResponseWrapper.onResponseCommitted() invokes SessionRepositoryRequestWrapper.commitSession(). Then the finally block in SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() again.
The new session is initialized and an Exception is thrown (i.e. ERROR dispatch can cause two sessions to be created #229). The SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() in the REQUEST dispatch. Then in the ERROR dispatch SessionRepositoryFilter invokes SessionRepositoryRequestWrapper.commitSession() invokes it again.

The text was updated successfully, but these errors were encountered:

rwinch added the type: bug A general bug label Jul 27, 2015

rwinch self-assigned this Jul 27, 2015

rwinch added this to the 1.0.2 milestone Jul 27, 2015

rwinch mentioned this issue Jul 27, 2015

ERROR dispatch can cause two sessions to be created #229

Closed

rwinch changed the title ~~CookieHttpSessionStrategy can write the same Cookie twice~~ CookieHttpSessionStrategy can write the same Session id twice Jul 28, 2015

rwinch closed this as completed in d5484e1 Jul 28, 2015

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

CookieHttpSessionStrategy can write the same Session id twice #251

CookieHttpSessionStrategy can write the same Session id twice #251

rwinch commented Jul 27, 2015

CookieHttpSessionStrategy can write the same Session id twice #251

CookieHttpSessionStrategy can write the same Session id twice #251

Comments

rwinch commented Jul 27, 2015