package com.vaadin.tests.applicationcontext;
import com.vaadin.server.VaadinService;
import com.vaadin.tests.components.AbstractTestCase;
import com.vaadin.tests.util.Log;
import com.vaadin.ui.Button;
import com.vaadin.ui.Button.ClickEvent;
import com.vaadin.ui.Button.ClickListener;
import com.vaadin.ui.LegacyWindow;
/**
 * Test application that verifies the session id is replaced when the session
 * is reinitialized, which is the standard defence against session fixation.
 *
 * <p>Pressing "Change session" records the current session id, calls
 * {@link VaadinService#reinitializeSession}, reads the id again and logs
 * whether the two values differ. "Show session id" logs the current id.
 *
 * <p>The ids are written in full to the on-screen log so the result can be
 * checked by eye. That suits a test fixture only: a real application should
 * not display session identifiers or write them to logs.
 */
public class ChangeSessionId extends AbstractTestCase {

    // On-screen log component; receives every message this test produces.
    private Log log = new Log(5);

    // Triggers the session reinitialization and the before/after comparison.
    Button loginButton = new Button("Change session");

    // Neither read nor written anywhere else in this class.
    boolean requestSessionSwitch = false;

    /**
     * Builds the window (log, "Change session" button, "Show session id"
     * button), wires the listeners and logs the initial session id.
     */
    @Override
    public void init() {
        LegacyWindow window = new LegacyWindow("Sestest Application");
        window.addComponent(log);
        window.addComponent(loginButton);

        Button.ClickListener showIdListener = new Button.ClickListener() {
            @Override
            public void buttonClick(ClickEvent event) {
                logSessionId();
            }
        };
        window.addComponent(new Button("Show session id", showIdListener));
        setMainWindow(window);

        ClickListener changeSessionListener = new ClickListener() {
            @Override
            public void buttonClick(ClickEvent event) {
                reinitializeAndReport();
            }
        };
        loginButton.addClickListener(changeSessionListener);

        // Baseline entry: the id in use before any reinitialization.
        logSessionId();
    }

    /**
     * Reinitializes the session for the current request and logs whether the
     * session id actually changed. An unchanged id means the reinitialization
     * gave no protection against a pre-set (fixated) session id.
     */
    private void reinitializeAndReport() {
        String idBefore = getSessionId();
        VaadinService.reinitializeSession(VaadinService.getCurrentRequest());
        String idAfter = getSessionId();

        if (!idBefore.equals(idAfter)) {
            log.log("Session id changed successfully from " + idBefore
                    + " to " + idAfter);
        } else {
            log.log("FAILED! Both old and new session id is " + idAfter);
        }
    }

    /** Writes the current session id to the on-screen log. */
    private void logSessionId() {
        String currentId = getSessionId();
        log.log("Session id: " + currentId);
    }

    /**
     * Returns the id of the session reached through
     * {@code getContext().getSession()}.
     *
     * @return the current session id
     */
    protected String getSessionId() {
        return getContext().getSession().getId();
    }

    /** Returns the human-readable purpose of this test. */
    @Override
    protected String getDescription() {
        return "Tests that the session id can be changed to prevent session fixation attacks";
    }

    /** Returns the number of the ticket this test is associated with. */
    @Override
    protected Integer getTicketNumber() {
        return 6094;
    }
}