package com.vaadin.tests.applicationcontext;

import com.vaadin.server.WebApplicationContext;
import com.vaadin.tests.components.AbstractTestCase;
import com.vaadin.tests.util.Log;
import com.vaadin.ui.Button;
import com.vaadin.ui.Button.ClickEvent;
import com.vaadin.ui.Button.ClickListener;
import com.vaadin.ui.UI.LegacyWindow;

/**
 * Test UI for ticket 6094: verifies that the HTTP session id can be changed
 * by {@link WebApplicationContext#reinitializeSession()}, which is the
 * mitigation for session fixation (a session id that was known before
 * authentication must not remain valid afterwards).
 *
 * <p>The UI shows a log plus two buttons: one reinitializes the session and
 * reports whether the id actually changed, the other just prints the current
 * id. Session ids are echoed into the on-screen log only because this is a
 * test harness; the check performed here is purely "old id != new id" and
 * does not verify that the old session was invalidated server-side.
 */
public class ChangeSessionId extends AbstractTestCase {

    // Log widget shown in the UI; the constructor argument presumably caps the
    // number of visible rows — confirm against Log.
    private Log log = new Log(5);
    Button loginButton = new Button("Change session");
    // Not read anywhere in this class; kept for compatibility.
    boolean requestSessionSwitch = false;

    /**
     * Builds the main window (log, "Change session" button, "Show session id"
     * button) and logs the id of the session the UI was opened with.
     */
    @Override
    public void init() {
        LegacyWindow window = new LegacyWindow("Sestest Application");
        window.addComponent(log);
        window.addComponent(loginButton);
        window.addComponent(createShowSessionIdButton());
        setMainWindow(window);

        loginButton.addListener(new ClickListener() {
            @Override
            public void buttonClick(ClickEvent event) {
                reinitializeAndReport();
            }
        });
        logSessionId();
    }

    /** Creates the button that writes the current session id to the log. */
    private Button createShowSessionIdButton() {
        return new Button("Show session id", new Button.ClickListener() {
            @Override
            public void buttonClick(ClickEvent event) {
                logSessionId();
            }
        });
    }

    /**
     * Records the session id, asks the context to reinitialize the session,
     * and logs whether the id reported afterwards differs from the one before.
     * An unchanged id is reported as a failure.
     */
    private void reinitializeAndReport() {
        WebApplicationContext ctx = (WebApplicationContext) getContext();
        String before = ctx.getHttpSession().getId();
        ctx.reinitializeSession();
        String after = ctx.getHttpSession().getId();

        if (before.equals(after)) {
            log.log("FAILED! Both old and new session id is " + after);
        } else {
            log.log("Session id changed successfully from " + before
                    + " to " + after);
        }
    }

    /** Writes the current session id to the on-screen log. */
    private void logSessionId() {
        log.log("Session id: " + getSessionId());
    }

    /**
     * Returns the id of the current HTTP session, obtained through the
     * application context (assumed to be a {@link WebApplicationContext}).
     */
    protected String getSessionId() {
        WebApplicationContext ctx = (WebApplicationContext) getContext();
        return ctx.getHttpSession().getId();
    }

    @Override
    protected String getDescription() {
        return "Tests that the session id can be changed to prevent session fixation attacks";
    }

    /** Tracker ticket this test was written for. */
    @Override
    protected Integer getTicketNumber() {
        return 6094;
    }

}