path: root/uitest/src/main/java/com/vaadin/tests/applicationcontext/ChangeSessionId.java
package com.vaadin.tests.applicationcontext;

import com.vaadin.server.VaadinService;
import com.vaadin.tests.components.AbstractTestCase;
import com.vaadin.tests.util.Log;
import com.vaadin.ui.Button;
import com.vaadin.ui.LegacyWindow;

/**
 * Test application that reinitializes the current session and reports whether
 * the session id changed as a result.
 *
 * <p>
 * Rotating the session id is the standard defence against session fixation:
 * an id that was known before a privilege change must not stay valid after it.
 * This test exercises that rotation through
 * {@code VaadinService.reinitializeSession} and compares the id read before
 * and after the call.
 *
 * <p>
 * Scope of the check: only the two id strings are compared. Nothing here
 * verifies that the previous id is rejected by the server afterwards, so a
 * passing run shows that a new id was issued, not that the old one was
 * invalidated.
 *
 * <p>
 * The session ids are written in clear text to the on-page log. That is
 * intentional for a test fixture; a session id is a bearer credential and
 * should not be echoed like this in application code.
 */
public class ChangeSessionId extends AbstractTestCase {

    // On-page log component; constructed with 5 (presumably the number of
    // rows kept visible - confirm against Log).
    private Log log = new Log(5);
    // Button that triggers the session reinitialization.
    Button loginButton = new Button("Change session");
    // Not read or written anywhere else in this class.
    boolean requestSessionSwitch = false;

    /**
     * Builds the main window (log, "Change session" button, "Show session id"
     * button), wires the click handlers and logs the initial session id.
     */
    @Override
    public void init() {
        LegacyWindow window = new LegacyWindow("Sestest Application");
        window.addComponent(log);
        window.addComponent(loginButton);
        Button showIdButton = new Button("Show session id",
                event -> logSessionId());
        window.addComponent(showIdButton);
        setMainWindow(window);

        loginButton.addClickListener(event -> switchSessionAndReport());

        // Record the starting id so a later change is visible in the log.
        logSessionId();
    }

    /**
     * Reinitializes the session for the current request and logs whether the
     * session id differs from the one read immediately before the call.
     */
    private void switchSessionAndReport() {
        final String before = getSessionId();
        VaadinService.reinitializeSession(VaadinService.getCurrentRequest());
        final String after = getSessionId();

        if (!before.equals(after)) {
            log.log("Session id changed successfully from " + before + " to "
                    + after);
            return;
        }
        // Same id on both sides of the call: the rotation did not happen.
        log.log("FAILED! Both old and new session id is " + after);
    }

    /** Writes the current session id to the on-page log. */
    private void logSessionId() {
        log.log("Session id: " + getSessionId());
    }

    /**
     * Returns the id of the session obtained from the application context.
     *
     * @return the value of {@code getContext().getSession().getId()}
     */
    protected String getSessionId() {
        return getContext().getSession().getId();
    }

    /**
     * Returns the human-readable description of this test case.
     *
     * @return the description text
     */
    @Override
    protected String getDescription() {
        return "Tests that the session id can be changed to prevent session fixation attacks";
    }

    /**
     * Returns the ticket number associated with this test case.
     *
     * @return 6094
     */
    @Override
    protected Integer getTicketNumber() {
        return 6094;
    }

}