This is an automated email from the ASF dual-hosted git repository. markt pushed a commit to branch 7.0.x in repository https://gitbox.apache.org/repos/asf/tomcat.git
commit c06674e09e9f3f43dc0e5c022dc8c311a4285cfd
Author: Mark Thomas <ma...@apache.org>
AuthorDate: Fri Dec 6 12:13:15 2019 +0000
Add an atomic method to rotate session ID and return new value. Use it where possible.
---
 java/org/apache/catalina/connector/Request.java | 27 +++++++++++++++++++++++
 java/org/apache/catalina/session/ManagerBase.java | 15 +++++++++++--
 2 files changed, 40 insertions(+), 2 deletions(-)
diff --git a/java/org/apache/catalina/connector/Request.java b/java/org/apache/catalina/connector/Request.java
index a0726ee..ab4e5f0 100644
--- a/java/org/apache/catalina/connector/Request.java
+++ b/java/org/apache/catalina/connector/Request.java
@@ -74,6 +74,7 @@ import org.apache.catalina.core.ApplicationPart;
 import org.apache.catalina.core.ApplicationSessionCookieConfig;
 import org.apache.catalina.core.AsyncContextImpl;
 import org.apache.catalina.realm.GenericPrincipal;
+import org.apache.catalina.session.ManagerBase;
 import org.apache.catalina.util.ParameterMap;
 import org.apache.catalina.util.RequestUtil;
 import org.apache.catalina.util.StringParser;
@@ -2702,6 +2703,32 @@ public class Request implements HttpServletRequest {
 }
+ public String changeSessionId() {
+
+ Session session = this.getSessionInternal(false);
+ if (session == null) {
+ throw new IllegalStateException(
+ sm.getString("coyoteRequest.changeSessionId"));
+ }
+
+ Manager manager = this.getContext().getManager();
+
+ String newSessionId = rotateSessionId(manager, session);
+ this.changeSessionId(newSessionId);
+
+ return newSessionId;
+ }
+
+ private String rotateSessionId(Manager manager, Session session) {
+ if (manager instanceof ManagerBase) {
+ return ((ManagerBase) manager).rotateSessionId(session);
+ } else {
+ // Best we do with the current interface
+ manager.changeSessionId(session);
+ return session.getId();
+ }
+ }
+
 /**
 * @return the session associated with this Request, creating one
 * if necessary and requested.
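Review bot: The fallback branch of `rotateSessionId(Manager, Session)` still reads the ID back with `session.getId()` after `manager.changeSessionId(session)`, so for any Manager that is not a ManagerBase the value returned, and then handed to `this.changeSessionId(newSessionId)`, can differ from the ID this call installed if the session is rotated again concurrently. Because ID rotation is the session-fixation defence, the comment should state that limitation instead of `// Best we do with the current interface`, for example `// Not atomic: a concurrent rotation can change the ID between these two calls`. The new public `changeSessionId()` also has no Javadoc; it should say that it returns the new session ID and throws IllegalStateException when the request has no session.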
diff --git a/java/org/apache/catalina/session/ManagerBase.java b/java/org/apache/catalina/session/ManagerBase.java
index e4121a6..8022d08 100644
--- a/java/org/apache/catalina/session/ManagerBase.java
+++ b/java/org/apache/catalina/session/ManagerBase.java
@@ -851,9 +851,20 @@ public abstract class ManagerBase extends LifecycleMBeanBase implements Manager
 @Override
 public void changeSessionId(Session session) {
+ rotateSessionId(session);
+ }
+
+
+ public String rotateSessionId(Session session) {
+ String newId = generateSessionId();
+ changeSessionId(session, newId);
+ return newId;
+ }
+
+
+ public void changeSessionId(Session session, String newId) {
 String oldId = session.getIdInternal();
- session.setId(generateSessionId(), false);
- String newId = session.getIdInternal();
+ session.setId(newId, false);
 container.fireContainerEvent(Context.CHANGE_SESSION_ID_EVENT,
 new String[] {oldId, newId});
 }
---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org
For additional commands, e-mail: dev-h...@tomcat.apache.org
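Review bot: `rotateSessionId(Session)` calls `changeSessionId(session, newId)` and never the one-argument `changeSessionId(Session)`, so a ManagerBase subclass that overrides only the one-argument method to add work around a rotation will not run that work for rotations that come through the new `Request.changeSessionId()`. Subclasses outside this diff are worth checking for such overrides. The new public `changeSessionId(Session, String newId)` applies whatever ID it is given with no null or uniqueness check, so its Javadoc should state that `newId` is expected to come from `generateSessionId()`. Neither new public method is documented; `rotateSessionId` should say that it returns the ID it generated rather than re-reading it from the session, which appears to be the sense in which the commit calls it atomic, since no locking is visible here.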