Cannot modify PLAY_SESSION when calling with no cookie and CSRF token is added to session #3471

Merged
merged 1 commit into from Oct 3, 2014

2 participants
@jroper
Member

commented Oct 3, 2014

Using Play for Java version 2.2.3

I've created a small sample app here: https://github.com/Ronnie76er/play-csrf-issue.

What I'm trying to do is add another variable to the play session. It works fine when a cookie with a CSRF token is already established. However, if you call the endpoint with no cookie, you cannot modify the session any further.

I believe what is happening is that Http.Context.current() doesn't get you the current context that's going to be returned with the call, therefore your modifications to the session are useless.

@jroper jroper added the type:defect label Oct 3, 2014

Ensure AddCsrfToken action provides original context
Fixes #3471

Introduced a wrapped context, so calls to mutable objects in the context
such as the session modify the original context, not the new one.
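
The fix described in the commit message above, shown as an added example that is not Play's code and not part of this pull request. It is a simplified Java model: `Context`, `WrappedContext`, `newContext`, `wrappedContext` and the token value are hypothetical or constructed.

```java
import java.util.Map;
import java.util.TreeMap;

// Simplified model, not Play's classes: Context, WrappedContext, newContext and
// wrappedContext are hypothetical names; the token value is constructed.
public class CsrfContextDemo {
    static class Context {
        private final Map<String, String> session = new TreeMap<>();
        private final String csrfToken; // token visible to the action via the request
        Context(String csrfToken) { this.csrfToken = csrfToken; }
        Map<String, String> session() { return session; }
        String csrfToken() { return csrfToken; }
    }

    // The fix: new request data, but mutable state is delegated to the original.
    static class WrappedContext extends Context {
        private final Context wrapped;
        WrappedContext(Context wrapped, String csrfToken) { super(csrfToken); this.wrapped = wrapped; }
        @Override Map<String, String> session() { return wrapped.session(); }
    }

    // Before: a fresh context whose session is a copy of the original's.
    static Context newContext(Context original, String token) {
        original.session().put("csrfToken", token);
        Context fresh = new Context(token);
        fresh.session().putAll(original.session());
        return fresh;
    }

    // After: the action sees the token, and its session writes hit the original.
    static Context wrappedContext(Context original, String token) {
        original.session().put("csrfToken", token);
        return new WrappedContext(original, token);
    }

    // Stand-in for a controller that adds its own session variable.
    static void action(Context current) { current.session().put("cart", "42"); }

    public static void main(String[] args) {
        Context before = new Context(null); // request arrived with no cookie
        action(newContext(before, "constructed-token"));
        Context after = new Context(null);
        action(wrappedContext(after, "constructed-token"));
        // In this model the response cookie is built from the ORIGINAL context's session.
        System.out.println("before fix: " + before.session());
        System.out.println("after fix:  " + after.session());
    }
}
```

With the copied context the `cart` entry never reaches the original session, so only the token is present there. The same holds in this model for any other write through the copy, removals included.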
@jroper

Member

commented Oct 3, 2014

Pull request attached.

Backport to 2.3.x and 2.2.x required.

huntc added a commit that referenced this pull request Oct 3, 2014

Merge pull request #3471 from jroper/3471-csrf-session
Cannot modify PLAY_SESSION when calling with no cookie and CSRF token is added to session

@huntc huntc merged commit a898932 into playframework:master Oct 3, 2014

1 check passed

default Merged build finished.

@jroper jroper deleted the jroper:3471-csrf-session branch Oct 3, 2014

jroper added a commit that referenced this pull request Oct 3, 2014

@jroper

Member

commented Oct 3, 2014

Backported to 2.3.x: a5a11b9

jroper added a commit that referenced this pull request Oct 6, 2014

@jroper

Member

commented Oct 6, 2014

Backported to 2.2.x: cc7491f

@jroper jroper added this to the 2.2.5 milestone Oct 7, 2014

ClaraAllende pushed a commit to ClaraAllende/playframework that referenced this pull request Aug 28, 2015
