From 6d027900ee3a1567a5bd95c028b2be16ea503a2c Mon Sep 17 00:00:00 2001 From: Vedran Pavic Date: Tue, 15 May 2018 08:21:26 +0200 Subject: [PATCH] Fix caching of requested session in SessionRepositoryFilter Closes gh-1076 --- .../web/http/SessionRepositoryFilter.java | 7 ++--- .../http/SessionRepositoryFilterTests.java | 27 +++++++++++++++++++ 2 files changed, 31 insertions(+), 3 deletions(-) diff --git a/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java b/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java index b5e016c9..74bc1a12 100644 --- a/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java +++ b/spring-session-core/src/main/java/org/springframework/session/web/http/SessionRepositoryFilter.java @@ -230,7 +230,8 @@ public class SessionRepositoryFilter extends OncePerRequestFi } else { S session = wrappedSession.getSession(); - saveSession(session); + clearRequestedSessionCache(); + SessionRepositoryFilter.this.sessionRepository.save(session); String sessionId = session.getId(); if (!isRequestedSessionIdValid() || !sessionId.equals(getRequestedSessionId())) { @@ -371,10 +372,9 @@ public class SessionRepositoryFilter extends OncePerRequestFi return this.requestedSession; } - private void saveSession(S session) { + private void clearRequestedSessionCache() { this.requestedSessionCached = false; this.requestedSession = null; - SessionRepositoryFilter.this.sessionRepository.save(session); } /** @@ -394,6 +394,7 @@ public class SessionRepositoryFilter extends OncePerRequestFi super.invalidate(); SessionRepositoryRequestWrapper.this.requestedSessionInvalidated = true; setCurrentSession(null); + clearRequestedSessionCache(); SessionRepositoryFilter.this.sessionRepository.deleteById(getId()); } } diff --git a/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java b/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java index 50e185ff..225e2d5b 100644 --- a/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java +++ b/spring-session-core/src/test/java/org/springframework/session/web/http/SessionRepositoryFilterTests.java @@ -67,6 +67,7 @@ import static org.mockito.BDDMockito.given; import static org.mockito.Mockito.never; import static org.mockito.Mockito.reset; import static org.mockito.Mockito.spy; +import static org.mockito.Mockito.times; import static org.mockito.Mockito.verify; import static org.mockito.Mockito.verifyZeroInteractions; @@ -1335,6 +1336,32 @@ public class SessionRepositoryFilterTests { verifyZeroInteractions(sessionRepository); } + @Test + public void doFilterSessionRetrievalIsCached() throws Exception { + MapSession session = this.sessionRepository.createSession(); + this.sessionRepository.save(session); + SessionRepository sessionRepository = spy(this.sessionRepository); + setSessionCookie(session.getId()); + + this.filter = new SessionRepositoryFilter<>(sessionRepository); + + doFilter(new DoInFilter() { + @Override + public void doFilter(HttpServletRequest wrappedRequest, + HttpServletResponse wrappedResponse) { + wrappedRequest.getSession().invalidate(); + wrappedRequest.getSession(); + } + }); + + // 3 invocations expected: initial resolution, after invalidation, after commit + verify(sessionRepository, times(3)).findById(eq(session.getId())); + verify(sessionRepository).deleteById(eq(session.getId())); + verify(sessionRepository).createSession(); + verify(sessionRepository).save(any()); + verifyZeroInteractions(sessionRepository); + } + // --- order @Test