package com.vaadin.tests.applicationcontext;
import com.vaadin.server.VaadinServletSession;
import com.vaadin.tests.components.AbstractTestCase;
import com.vaadin.tests.util.Log;
import com.vaadin.ui.Button;
import com.vaadin.ui.Button.ClickEvent;
import com.vaadin.ui.Button.ClickListener;
import com.vaadin.ui.UI.LegacyWindow;
/**
 * Manual test for session-id regeneration (ticket 6094).
 *
 * <p>The "Change session" button calls
 * {@link VaadinServletSession#reinitializeSession()} and writes to the on-screen
 * log whether the underlying HTTP session id actually changed. Issuing a fresh
 * session id at a privilege boundary (typically right after login) is the usual
 * defence against session fixation, which is what this test exists to exercise;
 * a "FAILED!" line in the log means the id was not rotated.
 */
public class ChangeSessionId extends AbstractTestCase {

    /** On-screen log used to show session ids to the tester; the argument is passed through to {@link Log}. */
    private Log log = new Log(5);

    /** Triggers the session switch. */
    Button loginButton = new Button("Change session");

    /** Not read anywhere in this class; retained so the class shape stays unchanged. */
    boolean requestSessionSwitch = false;

    /**
     * Builds the main window: the log, the "Change session" button and a
     * "Show session id" button, then logs the initial session id.
     */
    @Override
    public void init() {
        LegacyWindow window = new LegacyWindow("Sestest Application");
        window.addComponent(log);
        window.addComponent(loginButton);
        window.addComponent(new Button("Show session id", new ClickListener() {
            @Override
            public void buttonClick(ClickEvent event) {
                logSessionId();
            }
        }));
        setMainWindow(window);

        loginButton.addListener(new ClickListener() {
            @Override
            public void buttonClick(ClickEvent event) {
                switchSession();
            }
        });

        logSessionId();
    }

    /**
     * Reinitializes the servlet session and logs whether the HTTP session id
     * differs from the one seen before the call.
     */
    private void switchSession() {
        VaadinServletSession session = (VaadinServletSession) getContext();
        String before = session.getHttpSession().getId();
        session.reinitializeSession();
        String after = session.getHttpSession().getId();

        boolean unchanged = before.equals(after);
        if (unchanged) {
            log.log("FAILED! Both old and new session id is " + after);
        } else {
            log.log("Session id changed successfully from " + before + " to " + after);
        }
    }

    /** Writes the current session id to the on-screen log. */
    private void logSessionId() {
        log.log("Session id: " + getSessionId());
    }

    /**
     * Returns the id of the HTTP session backing the current Vaadin context.
     *
     * @return the current HTTP session id
     */
    protected String getSessionId() {
        VaadinServletSession session = (VaadinServletSession) getContext();
        return session.getHttpSession().getId();
    }

    @Override
    protected String getDescription() {
        return "Tests that the session id can be changed to prevent session fixation attacks";
    }

    @Override
    protected Integer getTicketNumber() {
        return 6094;
    }
}