Pull session from request when creating outbound cookie
authorlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 11:58:23 +0000 (11:58 +0000)
committerlajoie <lajoie@ab3bd59b-922f-494d-bb5f-6f0a3c29deca>
Thu, 10 Jan 2008 11:58:23 +0000 (11:58 +0000)
git-svn-id: https://subversion.switch.ch/svn/shibboleth/java-idp/trunk@2544 ab3bd59b-922f-494d-bb5f-6f0a3c29deca

src/edu/internet2/middleware/shibboleth/idp/session/IdPSessionFilter.java
src/edu/internet2/middleware/shibboleth/idp/session/Session.java

index c6e02c4..3459261 100644 (file)
@@ -107,14 +107,20 @@ public class IdPSessionFilter implements Filter {
      */
     protected void addIdPSessionCookieToResponse(HttpServletRequest request, HttpServletResponse response,
             Session userSession) {
-        Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
-        sessionCookie.setDomain(request.getLocalName());
-        sessionCookie.setPath(request.getContextPath());
-        sessionCookie.setSecure(false);
+        if (userSession == null) {
+            userSession = (Session) request.getAttribute(Session.HTTP_SESSION_BINDING_ATTRIBUTE);
+        }
+
+        if (userSession != null) {
+            Cookie sessionCookie = new Cookie(IDP_SESSION_COOKIE_NAME, userSession.getSessionID());
+            sessionCookie.setDomain(request.getLocalName());
+            sessionCookie.setPath(request.getContextPath());
+            sessionCookie.setSecure(false);
 
-        int maxAge = (int) (userSession.getInactivityTimeout() / 1000);
-        sessionCookie.setMaxAge(maxAge);
+            int maxAge = (int) (userSession.getInactivityTimeout() / 1000);
+            sessionCookie.setMaxAge(maxAge);
 
-        response.addCookie(sessionCookie);
+            response.addCookie(sessionCookie);
+        }
     }
 }
\ No newline at end of file
index 1cff894..d5fe520 100644 (file)
@@ -23,7 +23,7 @@ import java.util.Map;
  */
 public interface Session extends edu.internet2.middleware.shibboleth.common.session.Session {
 
-    /** Name of the HttpSession attribute to which a users IdP session is bound. */
+    /** Name of the HTTP request attribute to which a users IdP session is bound. */
     public static final String HTTP_SESSION_BINDING_ATTRIBUTE = "ShibbolethIdPSession";
 
     /**