CookieClearingLogoutHandler adds uses contextPath + "/"

Fixes: gh-2325
Rob Winch 2018-03-19 16:41:27 -05:00
parent 018ab7d92c
commit 7e6ed52603
2 changed files with 3 additions and 6 deletions


@ -22,7 +22,6 @@ import javax.servlet.http.HttpServletResponse;
import org.springframework.security.core.Authentication;
import org.springframework.util.Assert;
import org.springframework.util.StringUtils;
/**
* A logout handler which clears a defined list of cookies, using the context path as the
@ -43,10 +42,7 @@ public final class CookieClearingLogoutHandler implements LogoutHandler {
Authentication authentication) {
for (String cookieName : cookiesToClear) {
Cookie cookie = new Cookie(cookieName, null);
String cookiePath = request.getContextPath();
if (!StringUtils.hasLength(cookiePath)) {
cookiePath = "/";
}
String cookiePath = request.getContextPath() + "/";
cookie.setPath(cookiePath);
cookie.setMaxAge(0);
response.addCookie(cookie);
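Review bot: The expiring cookie is now always sent with `request.getContextPath() + "/"` as its path, and a browser discards a stored cookie only when name, domain and path all match, so a cookie that was issued with the bare context path (no trailing slash) would survive logout. Which path the cookies in `cookiesToClear` were issued with is not visible here, so the constraint should be stated where the path is built, e.g. `// Must equal the Path the cookie was set with; a cookie set with the bare context path is not cleared`. The class Javadoc in the first hunk still reads "using the context path as the" and continues outside the hunk; it should say the path is the context path followed by "/". The `logout` body begins and ends outside the hunk.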


@ -55,7 +55,8 @@ public class CookieClearingLogoutHandlerTests {
handler.logout(request, response, mock(Authentication.class));
assertThat(response.getCookies()).hasSize(2);
for (Cookie c : response.getCookies()) {
assertThat(c.getPath()).isEqualTo("/app");
// gh-2325
assertThat(c.getPath()).isEqualTo("/app/");
assertThat(c.getMaxAge()).isZero();
}
}
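Review bot: The `// gh-2325` comment gives only an issue number, so a reader cannot tell why the trailing slash is expected; `// gh-2325: cookies are cleared with path contextPath + "/"` would say it. The request setup is outside the hunk, but the expected value suggests only a non-empty context path is covered here. Since the commit removes the `StringUtils.hasLength` fallback, an assertion that a root context yields `"/"` should exist in this class if it does not already.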