From 312c28fd95cda4373e320fbc6ef341f43144dc59 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jose=20Garc=C3=ADa?=
Date: Mon, 23 Oct 2023 12:42:32 +0200
Subject: [PATCH] Fix cookies path when deployed on root "/" context (#7446)

request.getContextPath() for servlets in the root context, returns an empty string instead of /. The browser doesn't receive the path, uses the request path for the cookie
---
 .../http/SessionTimeoutCookieFilter.java | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/core/src/main/java/org/geonetwork/http/SessionTimeoutCookieFilter.java b/core/src/main/java/org/geonetwork/http/SessionTimeoutCookieFilter.java
index 21a2227667f..09cba97a0a2 100644
--- a/core/src/main/java/org/geonetwork/http/SessionTimeoutCookieFilter.java
+++ b/core/src/main/java/org/geonetwork/http/SessionTimeoutCookieFilter.java
@@ -24,8 +24,6 @@ package org.geonetwork.http;
 import java.io.IOException;
-import java.util.regex.Matcher;
-import java.util.regex.Pattern;
 import javax.servlet.FilterChain;
 import javax.servlet.FilterConfig;
@@ -40,7 +38,6 @@ import org.apache.commons.lang.StringUtils;
 import jeeves.server.UserSession;
-import jeeves.server.dispatchers.ServiceManager;
 import jeeves.server.sources.http.JeevesServlet;
 /**
@@ -64,18 +61,20 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filte if (session != null) { long currTime = System.currentTimeMillis(); + String cookiePath = StringUtils.isBlank(httpReq.getContextPath()) ? "/" : httpReq.getContextPath(); + Cookie cookie = new Cookie("serverTime", "" + currTime); - cookie.setPath(httpReq.getContextPath()); + cookie.setPath(cookiePath); cookie.setSecure(req.getServletContext().getSessionCookieConfig().isSecure()); httpResp.addCookie(cookie); UserSession userSession = null; - if (session != null) { - Object tmp = session.getAttribute(JeevesServlet.USER_SESSION_ATTRIBUTE_KEY); - if (tmp instanceof UserSession) { - userSession = (UserSession) tmp; - } + + Object tmp = session.getAttribute(JeevesServlet.USER_SESSION_ATTRIBUTE_KEY); + if (tmp instanceof UserSession) { + userSession = (UserSession) tmp; } + // If user is authenticated, then set expiration time if (userSession != null && StringUtils.isNotEmpty(userSession.getName())) { long expiryTime = currTime + session.getMaxInactiveInterval() * 1000; @@ -83,7 +82,7 @@ public void doFilter(ServletRequest req, ServletResponse resp, FilterChain filte } else { cookie = new Cookie("sessionExpiry", "" + currTime); } - cookie.setPath(httpReq.getContextPath()); + cookie.setPath(cookiePath); cookie.setSecure(req.getServletContext().getSessionCookieConfig().isSecure()); httpResp.addCookie(cookie); }
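Review bot: In the `@@ -64,18 +61,20` hunk, the context line `long expiryTime = currTime + session.getMaxInactiveInterval() * 1000;` multiplies two ints before widening to long, so a configured timeout above roughly 24.8 days overflows and yields an expiry in the past. The commit leaves this line untouched; `session.getMaxInactiveInterval() * 1000L` fixes the arithmetic. A zero or negative interval, which the servlet API uses for sessions that never time out, also produces an expiry at or before `currTime`, so whatever client code reads the cookie would presumably treat a non-expiring session as already expired. A guard for that case is worth adding. The body of doFilter starts before this hunk and continues past it, so the use of `expiryTime` is not visible here.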
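Review bot: The `cookie.setPath(cookiePath)` call in the `@@ -83,7 +82,7` hunk (and the matching one for `serverTime` in the previous hunk) now scopes the cookie to `/` in a root deployment, which is undocumented in the code. Both cookies are then sent to every path on the host, including any other application served from the same origin, where the generic names `serverTime` and `sessionExpiry` can collide. The values are only timestamps, so exposure is limited. A comment at the `cookiePath` assignment would record why the fallback exists, for example `// Root context: getContextPath() returns "", and a cookie without a Path defaults to the request path`. No `setHttpOnly` call appears on either cookie in the visible lines; if that is deliberate because client script reads them, the same comment should say so.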