Fix cookies path when deployed on root "/" context (geonetwork#7446)

request.getContextPath() for servlets in the root context, returns an empty string instead of /. The browser doesn't receive the path, uses the request path for the cookie
SuperOctocat · Oct 23, 2023 · 312c28f · 312c28f
1 parent a68e672
commit 312c28f
Showing 1 changed file with 9 additions and 10 deletions.
diff --git a/core/src/main/java/org/geonetwork/http/SessionTimeoutCookieFilter.java b/core/src/main/java/org/geonetwork/http/SessionTimeoutCookieFilter.java
@@ -24,8 +24,6 @@
 package org.geonetwork.http;
 
 import java.io.IOException;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -40,7 +38,6 @@
 import org.apache.commons.lang.StringUtils;
 
 import jeeves.server.UserSession;
-import jeeves.server.dispatchers.ServiceManager;
 import jeeves.server.sources.http.JeevesServlet;
 
 /**
@@ -64,26 +61,28 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filte
         if (session != null) {
             long currTime = System.currentTimeMillis();
 
+            String cookiePath = StringUtils.isBlank(httpReq.getContextPath()) ? "/" : httpReq.getContextPath();
+
             Cookie cookie = new Cookie("serverTime", "" + currTime);
-            cookie.setPath(httpReq.getContextPath());
+            cookie.setPath(cookiePath);
             cookie.setSecure(req.getServletContext().getSessionCookieConfig().isSecure());
             httpResp.addCookie(cookie);
 
             UserSession userSession = null;
-            if (session != null) {
-                Object tmp = session.getAttribute(JeevesServlet.USER_SESSION_ATTRIBUTE_KEY);
-                if (tmp instanceof UserSession) {
-                    userSession = (UserSession) tmp;
-                }
+
+            Object tmp = session.getAttribute(JeevesServlet.USER_SESSION_ATTRIBUTE_KEY);
+            if (tmp instanceof UserSession) {
+                userSession = (UserSession) tmp;
             }
+
             // If user is authenticated, then set expiration time
             if (userSession != null && StringUtils.isNotEmpty(userSession.getName())) {
                 long expiryTime = currTime + session.getMaxInactiveInterval() * 1000;
                 cookie = new Cookie("sessionExpiry", "" + expiryTime);
             } else {
                 cookie = new Cookie("sessionExpiry", "" + currTime);
             }
-            cookie.setPath(httpReq.getContextPath());
+            cookie.setPath(cookiePath);
             cookie.setSecure(req.getServletContext().getSessionCookieConfig().isSecure());
             httpResp.addCookie(cookie);
         }