@Test public void expiredSessionIsRecreated() throws Exception { // First request: no session yet, new session created RequestEntity<Void> request = RequestEntity.get(createUri()).build(); ResponseEntity<Void> response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String id = extractSessionId(response.getHeaders()); assertNotNull(id); assertEquals(1, this.handler.getSessionRequestCount()); // Second request: same session request = RequestEntity.get(createUri()).header("Cookie", "SESSION=" + id).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNull(response.getHeaders().get("Set-Cookie")); assertEquals(2, this.handler.getSessionRequestCount()); // Now fast-forward by 31 minutes InMemoryWebSessionStore store = (InMemoryWebSessionStore) this.sessionManager.getSessionStore(); WebSession session = store.retrieveSession(id).block(); assertNotNull(session); store.setClock(Clock.offset(store.getClock(), Duration.ofMinutes(31))); // Third request: expired session, new session created request = RequestEntity.get(createUri()).header("Cookie", "SESSION=" + id).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); id = extractSessionId(response.getHeaders()); assertNotNull("Expected new session id", id); assertEquals(1, this.handler.getSessionRequestCount()); }
@Test public void changeSessionId() throws Exception { // First request: no session yet, new session created RequestEntity<Void> request = RequestEntity.get(createUri()).build(); ResponseEntity<Void> response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String oldId = extractSessionId(response.getHeaders()); assertNotNull(oldId); assertEquals(1, this.handler.getSessionRequestCount()); // Second request: session id changes URI uri = new URI("http://localhost:" + this.port + "/?changeId"); request = RequestEntity.get(uri).header("Cookie", "SESSION=" + oldId).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String newId = extractSessionId(response.getHeaders()); assertNotNull("Expected new session id", newId); assertNotEquals(oldId, newId); assertEquals(2, this.handler.getSessionRequestCount()); }
@Override public Mono<Void> handle(ServerWebExchange exchange) { if (exchange.getRequest().getQueryParams().containsKey("expire")) { return exchange.getSession().doOnNext(session -> { // Don't do anything, leave it expired... }).then(); } else if (exchange.getRequest().getQueryParams().containsKey("changeId")) { return exchange.getSession().flatMap(session -> session.changeSessionId().doOnSuccess(aVoid -> updateSessionAttribute(session))); } else if (exchange.getRequest().getQueryParams().containsKey("invalidate")) { return exchange.getSession().doOnNext(WebSession::invalidate).then(); } else { return exchange.getSession().doOnSuccess(this::updateSessionAttribute).then(); } }
@Test public void createSession() throws Exception { RequestEntity<Void> request = RequestEntity.get(createUri()).build(); ResponseEntity<Void> response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); String id = extractSessionId(response.getHeaders()); assertNotNull(id); assertEquals(1, this.handler.getSessionRequestCount()); request = RequestEntity.get(createUri()).header("Cookie", "SESSION=" + id).build(); response = this.restTemplate.exchange(request, Void.class); assertEquals(HttpStatus.OK, response.getStatusCode()); assertNull(response.getHeaders().get("Set-Cookie")); assertEquals(2, this.handler.getSessionRequestCount()); }
@Override protected HttpHandler createHttpHandler() { this.sessionManager = new DefaultWebSessionManager(); this.handler = new TestWebHandler(); return WebHttpHandlerBuilder.webHandler(this.handler).sessionManager(this.sessionManager).build(); }