public MockWebSession(@Nullable Clock clock) { InMemoryWebSessionStore sessionStore = new InMemoryWebSessionStore(); if (clock != null) { sessionStore.setClock(clock); } WebSession session = sessionStore.createWebSession().block(); Assert.state(session != null, "WebSession must not be null"); this.delegate = session; }
/** * Configure the {@link Clock} to use to set lastAccessTime on every created * session and to calculate if it is expired. * <p>This may be useful to align to different timezone or to set the clock * back in a test, e.g. {@code Clock.offset(clock, Duration.ofMinutes(-31))} * in order to simulate session expiration. * <p>By default this is {@code Clock.system(ZoneId.of("GMT"))}. * @param clock the clock to use */ public void setClock(Clock clock) { Assert.notNull(clock, "Clock is required"); this.clock = clock; removeExpiredSessions(); }
@Test public void retrieveExpiredSession() { WebSession session = this.store.createWebSession().block(); assertNotNull(session); session.getAttributes().put("foo", "bar"); session.save().block(); String id = session.getId(); WebSession retrieved = this.store.retrieveSession(id).block(); assertNotNull(retrieved); assertSame(session, retrieved); // Fast-forward 31 minutes this.store.setClock(Clock.offset(this.store.getClock(), Duration.ofMinutes(31))); WebSession retrievedAgain = this.store.retrieveSession(id).block(); assertNull(retrievedAgain); }
@Test public void expiredSessionIsRecreated() throws Exception { // First request: no session yet, new session created RequestEntity<Void> request = RequestEntity.get(createUri()).build(); ResponseEntity<Void> response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String id = extractSessionId(response.getHeaders()); assertNotNull(id); assertEquals(1, this.handler.getSessionRequestCount()); // Second request: same session request = RequestEntity.get(createUri()).header("Cookie", "SESSION=" + id).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNull(response.getHeaders().get("Set-Cookie")); assertEquals(2, this.handler.getSessionRequestCount()); // Now fast-forward by 31 minutes InMemoryWebSessionStore store = (InMemoryWebSessionStore) this.sessionManager.getSessionStore(); WebSession session = store.retrieveSession(id).block(); assertNotNull(session); store.setClock(Clock.offset(store.getClock(), Duration.ofMinutes(31))); // Third request: expired session, new session created request = RequestEntity.get(createUri()).header("Cookie", "SESSION=" + id).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); id = extractSessionId(response.getHeaders()); assertNotNull("Expected new session id", id); assertEquals(1, this.handler.getSessionRequestCount()); }
@Test // SPR-17051 public void sessionInvalidatedBeforeSave() { // Request 1 creates session WebSession session1 = this.store.createWebSession().block(); assertNotNull(session1); String id = session1.getId(); session1.start(); session1.save().block(); // Request 2 retrieves session WebSession session2 = this.store.retrieveSession(id).block(); assertNotNull(session2); assertSame(session1, session2); // Request 3 retrieves and invalidates WebSession session3 = this.store.retrieveSession(id).block(); assertNotNull(session3); assertSame(session1, session3); session3.invalidate().block(); // Request 2 saves session after invalidated session2.save().block(); // Session should not be present WebSession session4 = this.store.retrieveSession(id).block(); assertNull(session4); }
private WebSession insertSession() { WebSession session = this.store.createWebSession().block(); assertNotNull(session); session.start(); session.save().block(); return session; }
@Test public void expiredSessionEnds() throws Exception { // First request: no session yet, new session created RequestEntity<Void> request = RequestEntity.get(createUri()).build(); ResponseEntity<Void> response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String id = extractSessionId(response.getHeaders()); assertNotNull(id); // Now fast-forward by 31 minutes InMemoryWebSessionStore store = (InMemoryWebSessionStore) this.sessionManager.getSessionStore(); store.setClock(Clock.offset(store.getClock(), Duration.ofMinutes(31))); // Second request: session expires URI uri = new URI("http://localhost:" + this.port + "/?expire"); request = RequestEntity.get(uri).header("Cookie", "SESSION=" + id).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String value = response.getHeaders().getFirst("Set-Cookie"); assertNotNull(value); assertTrue("Actual value: " + value, value.contains("Max-Age=0")); }
@Test public void expirationCheckPeriod() { DirectFieldAccessor accessor = new DirectFieldAccessor(this.store); Map<?,?> sessions = (Map<?, ?>) accessor.getPropertyValue("sessions"); assertNotNull(sessions); // Create 100 sessions IntStream.range(0, 100).forEach(i -> insertSession()); assertEquals(100, sessions.size()); // Force a new clock (31 min later), don't use setter which would clean expired sessions accessor.setPropertyValue("clock", Clock.offset(this.store.getClock(), Duration.ofMinutes(31))); assertEquals(100, sessions.size()); // Create 1 more which forces a time-based check (clock moved forward) insertSession(); assertEquals(1, sessions.size()); }
@Test public void lastAccessTimeIsUpdatedOnRetrieve() { WebSession session1 = this.store.createWebSession().block(); assertNotNull(session1); String id = session1.getId(); Instant time1 = session1.getLastAccessTime(); session1.start(); session1.save().block(); // Fast-forward a few seconds this.store.setClock(Clock.offset(this.store.getClock(), Duration.ofSeconds(5))); WebSession session2 = this.store.retrieveSession(id).block(); assertNotNull(session2); assertSame(session1, session2); Instant time2 = session2.getLastAccessTime(); assertTrue(time1.isBefore(time2)); }
@Test public void startsSessionImplicitly() { WebSession session = this.store.createWebSession().block(); assertNotNull(session); session.start(); session.getAttributes().put("foo", "bar"); assertTrue(session.isStarted()); }
public MockWebSession(@Nullable Clock clock) { InMemoryWebSessionStore sessionStore = new InMemoryWebSessionStore(); if (clock != null) { sessionStore.setClock(clock); } WebSession session = sessionStore.createWebSession().block(); Assert.state(session != null, "WebSession must not be null"); this.delegate = session; }
/** * Configure the {@link Clock} to use to set lastAccessTime on every created * session and to calculate if it is expired. * <p>This may be useful to align to different timezone or to set the clock * back in a test, e.g. {@code Clock.offset(clock, Duration.ofMinutes(-31))} * in order to simulate session expiration. * <p>By default this is {@code Clock.system(ZoneId.of("GMT"))}. * @param clock the clock to use */ public void setClock(Clock clock) { Assert.notNull(clock, "Clock is required"); this.clock = clock; removeExpiredSessions(); }
@Test public void startsSessionExplicitly() { WebSession session = this.store.createWebSession().block(); assertNotNull(session); session.start(); assertTrue(session.isStarted()); }
public MockWebSession(@Nullable Clock clock) { InMemoryWebSessionStore sessionStore = new InMemoryWebSessionStore(); if (clock != null) { sessionStore.setClock(clock); } WebSession session = sessionStore.createWebSession().block(); Assert.state(session != null, "WebSession must not be null"); this.delegate = session; }
/** * Configure the {@link Clock} to use to set lastAccessTime on every created * session and to calculate if it is expired. * <p>This may be useful to align to different timezone or to set the clock * back in a test, e.g. {@code Clock.offset(clock, Duration.ofMinutes(-31))} * in order to simulate session expiration. * <p>By default this is {@code Clock.system(ZoneId.of("GMT"))}. * @param clock the clock to use */ public void setClock(Clock clock) { Assert.notNull(clock, "Clock is required"); this.clock = clock; removeExpiredSessions(); }
public MockWebSession(@Nullable Clock clock) { InMemoryWebSessionStore sessionStore = new InMemoryWebSessionStore(); if (clock != null) { sessionStore.setClock(clock); } WebSession session = sessionStore.createWebSession().block(); Assert.state(session != null, "WebSession must not be null"); this.delegate = session; }
/** * Configure the {@link Clock} to use to set lastAccessTime on every created * session and to calculate if it is expired. * <p>This may be useful to align to different timezone or to set the clock * back in a test, e.g. {@code Clock.offset(clock, Duration.ofMinutes(-31))} * in order to simulate session expiration. * <p>By default this is {@code Clock.system(ZoneId.of("GMT"))}. * @param clock the clock to use */ public void setClock(Clock clock) { Assert.notNull(clock, "Clock is required"); this.clock = clock; removeExpiredSessions(); }