|
|
|
@ -23,6 +23,7 @@ import java.util.stream.Collectors; |
|
|
|
|
|
|
|
|
|
import org.springframework.http.HttpCookie; |
|
|
|
|
import org.springframework.http.ResponseCookie; |
|
|
|
|
import org.springframework.lang.Nullable; |
|
|
|
|
import org.springframework.util.Assert; |
|
|
|
|
import org.springframework.util.MultiValueMap; |
|
|
|
|
import org.springframework.web.server.ServerWebExchange; |
|
|
|
@ -81,8 +82,9 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver { |
|
|
|
|
* Set the value for the "SameSite" attribute of the cookie that holds the |
|
|
|
|
* session id. For its meaning and possible values, see |
|
|
|
|
* {@link ResponseCookie#getSameSite()}. |
|
|
|
|
* <p>By default set to {@code "Strict"} |
|
|
|
|
* <p>By default set to {@code "Strict"}. |
|
|
|
|
* @param sameSite the SameSite value |
|
|
|
|
* @since 5.1 |
|
|
|
|
*/ |
|
|
|
|
public void setSameSite(String sameSite) { |
|
|
|
|
this.sameSite = sameSite; |
|
|
|
@ -90,11 +92,13 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver { |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* Return the configured "SameSite" attribute value for the session cookie. |
|
|
|
|
* @since 5.1 |
|
|
|
|
*/ |
|
|
|
|
public String getSameSite() { |
|
|
|
|
return this.sameSite; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public List<String> resolveSessionIds(ServerWebExchange exchange) { |
|
|
|
|
MultiValueMap<String, HttpCookie> cookieMap = exchange.getRequest().getCookies(); |
|
|
|
@ -108,21 +112,26 @@ public class CookieWebSessionIdResolver implements WebSessionIdResolver { |
|
|
|
|
@Override |
|
|
|
|
public void setSessionId(ServerWebExchange exchange, String id) { |
|
|
|
|
Assert.notNull(id, "'id' is required"); |
|
|
|
|
setSessionCookie(exchange, id, getCookieMaxAge(), getSameSite()); |
|
|
|
|
ResponseCookie cookie = initSessionCookie(exchange, id, getCookieMaxAge(), getSameSite()); |
|
|
|
|
exchange.getResponse().getCookies().set(this.cookieName, cookie); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
@Override |
|
|
|
|
public void expireSession(ServerWebExchange exchange) { |
|
|
|
|
setSessionCookie(exchange, "", Duration.ofSeconds(0), ""); |
|
|
|
|
ResponseCookie cookie = initSessionCookie(exchange, "", Duration.ZERO, null); |
|
|
|
|
exchange.getResponse().getCookies().set(this.cookieName, cookie); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
private void setSessionCookie(ServerWebExchange exchange, String id, Duration maxAge, String sameSite) { |
|
|
|
|
String name = getCookieName(); |
|
|
|
|
boolean secure = "https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme()); |
|
|
|
|
String path = exchange.getRequest().getPath().contextPath().value() + "/"; |
|
|
|
|
exchange.getResponse().getCookies().set(name, |
|
|
|
|
ResponseCookie.from(name, id).path(path) |
|
|
|
|
.maxAge(maxAge).httpOnly(true).secure(secure).sameSite(sameSite).build()); |
|
|
|
|
private ResponseCookie initSessionCookie( |
|
|
|
|
ServerWebExchange exchange, String id, Duration maxAge, @Nullable String sameSite) { |
|
|
|
|
|
|
|
|
|
return ResponseCookie.from(this.cookieName, id) |
|
|
|
|
.path(exchange.getRequest().getPath().contextPath().value() + "/") |
|
|
|
|
.maxAge(maxAge) |
|
|
|
|
.httpOnly(true) |
|
|
|
|
.secure("https".equalsIgnoreCase(exchange.getRequest().getURI().getScheme())) |
|
|
|
|
.sameSite(sameSite) |
|
|
|
|
.build(); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
} |
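Review bot: In `expireSession` the expiry cookie is now built with a `null` SameSite, so it no longer carries the attribute the session cookie was issued with. If the resolver is configured with `setSameSite("None")` for cross-site use, a browser that treats attribute-less cookies as Lax may refuse the deletion in a cross-site response, leaving the session id cookie in place after invalidation; this is inferred from browser behaviour, not from the visible lines. Building the expiry cookie with the configured value keeps the two consistent: `ResponseCookie cookie = initSessionCookie(exchange, "", Duration.ZERO, getSameSite());`. Separately, `initSessionCookie` still derives `secure` from the request URI scheme, so that line deserves a comment such as `// Secure follows the request scheme; behind a TLS-terminating proxy the forwarded scheme must be applied first`.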
|
|
|
|