-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA256 Mark,
On 12/7/19 17:30, ma...@apache.org wrote: > This is an automated email from the ASF dual-hosted git > repository. > > markt pushed a commit to branch 7.0.x in repository > https://gitbox.apache.org/repos/asf/tomcat.git > > commit c06674e09e9f3f43dc0e5c022dc8c311a4285cfd Author: Mark Thomas > <ma...@apache.org> AuthorDate: Fri Dec 6 12:13:15 2019 +0000 > > Add an atomic method to rotate session ID and return new value. > > Use it where possible. Shouldn't there be a "synchronized" keyword somewhere in there? - -chris > --- java/org/apache/catalina/connector/Request.java | 27 > +++++++++++++++++++++++ > java/org/apache/catalina/session/ManagerBase.java | 15 > +++++++++++-- 2 files changed, 40 insertions(+), 2 deletions(-) > > diff --git a/java/org/apache/catalina/connector/Request.java > b/java/org/apache/catalina/connector/Request.java index > a0726ee..ab4e5f0 100644 --- > a/java/org/apache/catalina/connector/Request.java +++ > b/java/org/apache/catalina/connector/Request.java @@ -74,6 +74,7 @@ > import org.apache.catalina.core.ApplicationPart; import > org.apache.catalina.core.ApplicationSessionCookieConfig; import > org.apache.catalina.core.AsyncContextImpl; import > org.apache.catalina.realm.GenericPrincipal; +import > org.apache.catalina.session.ManagerBase; import > org.apache.catalina.util.ParameterMap; import > org.apache.catalina.util.RequestUtil; import > org.apache.catalina.util.StringParser; 
@@ -2702,6 +2703,32 @@ > public class Request implements HttpServletRequest { } > > > + public String changeSessionId() { + + Session session = > this.getSessionInternal(false); + if (session == null) { + > throw new IllegalStateException( + > sm.getString("coyoteRequest.changeSessionId")); + } + + > Manager manager = this.getContext().getManager(); + + String > newSessionId = rotateSessionId(manager, session); + > this.changeSessionId(newSessionId); + + return > newSessionId; + } + + private String rotateSessionId(Manager > manager, Session session) { + if (manager instanceof > ManagerBase) { + return ((ManagerBase) > manager).rotateSessionId(session); + } else { + > // Best we do with the current interface + > manager.changeSessionId(session); + return > session.getId(); + } + } + /** * @return the session > associated with this Request, creating one * if necessary and > requested. 
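Review bot: The new public `changeSessionId()` in Request.java has no Javadoc, although it is the entry point for rotating the session ID and its contract is not obvious from the signature. I would add a comment stating that it throws `IllegalStateException` when the request has no session, and that it returns the new ID after also passing it to `changeSessionId(String)`. Because the return value is a live session credential, the Javadoc could also say `Callers must not log or otherwise expose the returned ID.` Separately, the private `rotateSessionId` helper dereferences `manager` in its else branch without a null check; whether `getContext().getManager()` can return null here is not visible in the hunk, so that is worth confirming.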
diff --git > a/java/org/apache/catalina/session/ManagerBase.java > b/java/org/apache/catalina/session/ManagerBase.java index > e4121a6..8022d08 100644 --- > a/java/org/apache/catalina/session/ManagerBase.java +++ > b/java/org/apache/catalina/session/ManagerBase.java @@ -851,9 > +851,20 @@ public abstract class ManagerBase extends > LifecycleMBeanBase implements Manager > > @Override public void changeSessionId(Session session) { + > rotateSessionId(session); + } + + + public String > rotateSessionId(Session session) { + String newId = > generateSessionId(); + changeSessionId(session, newId); + > return newId; + } + + + public void changeSessionId(Session > session, String newId) { String oldId = session.getIdInternal(); - > session.setId(generateSessionId(), false); - String newId = > session.getIdInternal(); + session.setId(newId, false); > container.fireContainerEvent(Context.CHANGE_SESSION_ID_EVENT, new > String[] {oldId, newId}); } > > > --------------------------------------------------------------------- > > To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org > For additional commands, e-mail: dev-h...@tomcat.apache.org > -----BEGIN PGP SIGNATURE----- Comment: Using GnuPG with Thunderbird - https://www.enigmail.net/ iQIzBAEBCAAdFiEEMmKgYcQvxMe7tcJcHPApP6U8pFgFAl3xK2kACgkQHPApP6U8 pFgyKxAAs1tW1HjrlofSFAD1hPFG8iWITjAF7zuFzH3+gTCyuaQT/V6mD6Ad6xwR qrwdM1X4pZLkGYmIz1QOQtpzjAdZyuFRjlLLIlIVOdEj+d2vth3O0GgwSfRcU0PZ o4ars/2xeLyK3BD7iU79FfqtzrWlHuzXNtoBoBvy7YSJPvHqJh0Jd7faiiNZtUQ9 H4zDlKQdBCyuehf5LOCV18iL0FhvwFZBzs09P8BXAwdKjuI5SEj9Tc3DYTAMM6yS yc7EztgAg/YXDtV6dDfwHZ5T32apMxqOqH1iTZl6cjUcKlKSvTMoH6EeakyF+DDJ W0edlmP9rUTj8Gwu13L5I8T/3G4qu6dV3RGV7BxQmha7gJoafte/TL64v20RkXYw qidZ0asGu96d4/VQsCSTmBVIpBDMhxUpmm62dPQpO4aD6bWLOCrAChSvouk0uDCO 6eBZhSfFWRo/I3SmPrLpy4/bO8L/JlBWEGr2Oen84iNSBX3K1xqWY35/weOPZhaN uoU0xJzICU9umbnSwSECUmNFIfdhhfQ80rc4RWFovCAfcvfbH9V7TU+LQk4WGuhU oaezHcAarYvfYXRAtl7ypxwDjeOT0oNonDi8WHkaPdkFo1ZNS2aXxm7fh5jxDIbF 
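Review bot: The new public `changeSessionId(Session session, String newId)` in ManagerBase.java applies whatever `newId` the caller passes, with no check that it is non-null, differs from `oldId`, or came from `generateSessionId()`. ID rotation is what callers rely on to invalidate a session ID that may have been fixed before authentication, so an overload that accepts an arbitrary value weakens that guarantee for any future caller. I would either narrow the method's visibility or guard it right after `oldId` is read, e.g. `if (newId == null || newId.equals(oldId)) throw new IllegalArgumentException("newId");`. Both new methods also lack Javadoc; the comment on this overload should state that `newId` must be a freshly generated, unused ID.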
QSLyDjm35hX2+pJkdgNoKCfVnlWOm2QJUQhhc+i3EiNdksuET8U= =qerJ -----END PGP SIGNATURE----- --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@tomcat.apache.org For additional commands, e-mail: dev-h...@tomcat.apache.org