HeaderSessionStrategy uses response.setHeader

Previously multiple headers might be outputed. This ensures that only a single header is sent back with the session id. Fixes #32
spring-projects · Aug 1, 2014 · a4e003e · a4e003e
1 parent 2732a18
commit a4e003e
Show file tree

Hide file tree

Showing 2 changed files with 100 additions and 79 deletions.
diff --git a/...session/src/main/java/org/springframework/session/web/http/HeaderHttpSessionStrategy.java b/...session/src/main/java/org/springframework/session/web/http/HeaderHttpSessionStrategy.java
@@ -60,12 +60,12 @@ public String getRequestedSessionId(HttpServletRequest request) {
 
     @Override
     public void onNewSession(Session session, HttpServletRequest request, HttpServletResponse response) {
-        response.addHeader(headerName, session.getId());
+        response.setHeader(headerName, session.getId());
     }
 
     @Override
     public void onInvalidateSession(HttpServletRequest request, HttpServletResponse response) {
-        response.addHeader(headerName, "");
+        response.setHeader(headerName, "");
     }
 
     /**

diff --git a/...ession/src/test/java/org/springframework/session/web/http/HeaderSessionStrategyTests.java b/...ession/src/test/java/org/springframework/session/web/http/HeaderSessionStrategyTests.java
@@ -11,81 +11,102 @@
 import static org.fest.assertions.Assertions.assertThat;
 
 public class HeaderSessionStrategyTests {
-	private MockHttpServletRequest request;
-	private MockHttpServletResponse response;
-
-	private HeaderHttpSessionStrategy strategy;
-	private String headerName;
-	private Session session;
-
-	@Before
-	public void setup() throws Exception {
-		headerName = "x-auth-token";
-		session = new MapSession();
-		request = new MockHttpServletRequest();
-		response = new MockHttpServletResponse();
-		strategy = new HeaderHttpSessionStrategy();
-	}
-
-	@Test
-	public void getRequestedSessionIdNull() throws Exception {
-		assertThat(strategy.getRequestedSessionId(request)).isNull();
-	}
-
-	@Test
-	public void getRequestedSessionIdNotNull() throws Exception {
-		setSessionId(session.getId());
-		assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
-	}
-
-	@Test
-	public void getRequestedSessionIdNotNullCustomHeaderName() throws Exception {
-		setHeaderName("CUSTOM");
-		setSessionId(session.getId());
-		assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
-	}
-
-	@Test
-	public void onNewSession() throws Exception {
-		strategy.onNewSession(session, request, response);
-		assertThat(getSessionId()).isEqualTo(session.getId());
-	}
-
-	@Test
-	public void onNewSessionCustomHeaderName() throws Exception {
-		setHeaderName("CUSTOM");
-		strategy.onNewSession(session, request, response);
-		assertThat(getSessionId()).isEqualTo(session.getId());
-	}
-
-	@Test
-	public void onDeleteSession() throws Exception {
-		strategy.onInvalidateSession(request, response);
-		assertThat(getSessionId()).isEmpty();
-	}
-
-	@Test
-	public void onDeleteSessionCustomHeaderName() throws Exception {
-		setHeaderName("CUSTOM");
-		strategy.onInvalidateSession(request, response);
-		assertThat(getSessionId()).isEmpty();
-	}
-
-	@Test(expected = IllegalArgumentException.class)
-	public void setHeaderNameNull() throws Exception {
-		strategy.setHeaderName(null);
-	}
-
-	public void setHeaderName(String headerName) {
-		strategy.setHeaderName(headerName);
-		this.headerName = headerName;
-	}
-
-	public void setSessionId(String id) {
-		request.addHeader(headerName, id);
-	}
-
-	public String getSessionId() {
-		return response.getHeader(headerName);
-	}
+    private MockHttpServletRequest request;
+    private MockHttpServletResponse response;
+
+    private HeaderHttpSessionStrategy strategy;
+    private String headerName;
+    private Session session;
+
+    @Before
+    public void setup() throws Exception {
+        headerName = "x-auth-token";
+        session = new MapSession();
+        request = new MockHttpServletRequest();
+        response = new MockHttpServletResponse();
+        strategy = new HeaderHttpSessionStrategy();
+    }
+
+    @Test
+    public void getRequestedSessionIdNull() throws Exception {
+        assertThat(strategy.getRequestedSessionId(request)).isNull();
+    }
+
+    @Test
+    public void getRequestedSessionIdNotNull() throws Exception {
+        setSessionId(session.getId());
+        assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
+    }
+
+    @Test
+    public void getRequestedSessionIdNotNullCustomHeaderName() throws Exception {
+        setHeaderName("CUSTOM");
+        setSessionId(session.getId());
+        assertThat(strategy.getRequestedSessionId(request)).isEqualTo(session.getId());
+    }
+
+    @Test
+    public void onNewSession() throws Exception {
+        strategy.onNewSession(session, request, response);
+        assertThat(getSessionId()).isEqualTo(session.getId());
+    }
+
+    // the header is set as apposed to added
+    @Test
+    public void onNewSessionMulti() throws Exception {
+        strategy.onNewSession(session, request, response);
+        strategy.onNewSession(session, request, response);
+
+        assertThat(response.getHeaders(headerName).size()).isEqualTo(1);
+        assertThat(response.getHeaders(headerName)).containsOnly(session.getId());
+    }
+
+    @Test
+    public void onNewSessionCustomHeaderName() throws Exception {
+        setHeaderName("CUSTOM");
+        strategy.onNewSession(session, request, response);
+        assertThat(getSessionId()).isEqualTo(session.getId());
+    }
+
+    @Test
+    public void onDeleteSession() throws Exception {
+        strategy.onInvalidateSession(request, response);
+        assertThat(getSessionId()).isEmpty();
+    }
+
+
+    // the header is set as apposed to added
+    @Test
+    public void onDeleteSessionMulti() throws Exception {
+        strategy.onInvalidateSession(request, response);
+        strategy.onInvalidateSession(request, response);
+
+        assertThat(response.getHeaders(headerName).size()).isEqualTo(1);
+        assertThat(getSessionId()).isEmpty();
+    }
+
+    @Test
+    public void onDeleteSessionCustomHeaderName() throws Exception {
+        setHeaderName("CUSTOM");
+        strategy.onInvalidateSession(request, response);
+        assertThat(getSessionId()).isEmpty();
+    }
+
+    @Test(expected = IllegalArgumentException.class)
+    public void setHeaderNameNull() throws Exception {
+        strategy.setHeaderName(null);
+    }
+
+    public void setHeaderName(String headerName) {
+        strategy.setHeaderName(headerName);
+        this.headerName = headerName;
+    }
+
+    public void setSessionId(String id) {
+        request.addHeader(headerName, id);
+    }
+
+    public String getSessionId() {
+        return response.getHeader(headerName);
+    }
 }