Diffstat (limited to 'uitest/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java')
-rw-r--r--uitest/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java71
1 files changed, 71 insertions, 0 deletions
diff --git a/uitest/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java b/uitest/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java
new file mode 100644
index 0000000000..9146cf5dea
--- /dev/null
+++ b/uitest/src/com/vaadin/tests/applicationcontext/ChangeSessionId.java
@@ -0,0 +1,71 @@
+package com.vaadin.tests.applicationcontext;
+
+import com.vaadin.server.WebApplicationContext;
+import com.vaadin.tests.components.AbstractTestCase;
+import com.vaadin.tests.util.Log;
+import com.vaadin.ui.Button;
+import com.vaadin.ui.Button.ClickEvent;
+import com.vaadin.ui.Button.ClickListener;
+import com.vaadin.ui.UI.LegacyWindow;
+
+public class ChangeSessionId extends AbstractTestCase {
+
+ private Log log = new Log(5);
+ Button loginButton = new Button("Change session");
+ boolean requestSessionSwitch = false;
+
+ @Override
+ public void init() {
+ LegacyWindow mainWindow = new LegacyWindow("Sestest Application");
+ mainWindow.addComponent(log);
+ mainWindow.addComponent(loginButton);
+ mainWindow.addComponent(new Button("Show session id",
+ new Button.ClickListener() {
+
+ @Override
+ public void buttonClick(ClickEvent event) {
+ logSessionId();
+ }
+ }));
+ setMainWindow(mainWindow);
+
+ loginButton.addListener(new ClickListener() {
+ @Override
+ public void buttonClick(ClickEvent event) {
+ WebApplicationContext context = ((WebApplicationContext) getContext());
+
+ String oldSessionId = context.getHttpSession().getId();
+ context.reinitializeSession();
+ String newSessionId = context.getHttpSession().getId();
+ if (oldSessionId.equals(newSessionId)) {
+ log.log("FAILED! Both old and new session id is "
+ + newSessionId);
+ } else {
+ log.log("Session id changed successfully from "
+ + oldSessionId + " to " + newSessionId);
+ }
+
+ }
+ });
+ logSessionId();
+ }
+
+ private void logSessionId() {
+ log.log("Session id: " + getSessionId());
+ }
+
+ protected String getSessionId() {
+ return ((WebApplicationContext) getContext()).getHttpSession().getId();
+ }
+
+ @Override
+ protected String getDescription() {
+ return "Tests that the session id can be changed to prevent session fixation attacks";
+ }
+
+ @Override
+ protected Integer getTicketNumber() {
+ return 6094;
+ }
+
+} \ No newline at end of file
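Review bot: The `oldSessionId.equals(newSessionId)` check in the `loginButton` listener only proves that the id string differs after `reinitializeSession()`; it does not show that the old session stopped being valid, which is the property that actually defeats session fixation. Keeping a reference to the old session object and confirming that it rejects access afterwards would cover that, as sketched below. The sketch assumes `getHttpSession()` returns the servlet `HttpSession`, which would need an import, and `reinitializeSession()` is not visible here, so its invalidation behaviour is inferred. Separately, the `requestSessionSwitch` field is never read in this file and could be dropped.

```java
public void buttonClick(ClickEvent event) {
    WebApplicationContext context = ((WebApplicationContext) getContext());

    HttpSession oldSession = context.getHttpSession();
    String oldSessionId = oldSession.getId();
    context.reinitializeSession();
    String newSessionId = context.getHttpSession().getId();
    // … unchanged: id comparison and its two log messages …

    try {
        // Attribute access on an invalidated session must throw.
        oldSession.getAttributeNames();
        log.log("FAILED! Old session " + oldSessionId + " is still valid");
    } catch (IllegalStateException expected) {
        log.log("Old session was invalidated");
    }
```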