Cannot modify PLAY_SESSION when calling with no cookie and CSRF token is added to session #3471
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Fixes playframework#3471 Introduced a wrapped context, so calls to mutable objects in the context such as the session modify the original context, not the new one.
Member
|
Pull request attached. Backport to 2.3.x and 2.2.x required. |
huntc
added a commit
that referenced
this pull request
Oct 3, 2014
Cannot modify PLAY_SESSION when calling with no cookie and CSRF token is added to session
jroper
added a commit
that referenced
this pull request
Oct 3, 2014
Fixes #3471 Introduced a wrapped context, so calls to mutable objects in the context such as the session modify the original context, not the new one.
Member
|
Backported to 2.3.x: a5a11b9 |
jroper
added a commit
that referenced
this pull request
Oct 6, 2014
Fixes #3471 Introduced a wrapped context, so calls to mutable objects in the context such as the session modify the original context, not the new one.
Member
|
Backported to 2.2.x: cc7491f |
ClaraAllende
pushed a commit
to ClaraAllende/playframework
that referenced
this pull request
Aug 28, 2015
Fixes playframework#3471 Introduced a wrapped context, so calls to mutable objects in the context such as the session modify the original context, not the new one.
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
2 participants
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Using Play for Java version 2.2.3
I've created a small sample app here: https://github.com/Ronnie76er/play-csrf-issue.
What I'm trying to do is add another variable to the play session. It works fine when a cookie with a CSRF token is already established. However, if you call the endpoint with no cookie, you cannot modify the session any further.
I believe what is happening is that Http.Context.current() doesn't get you the current context that's going to be returned with the call, therefore your modifications to the session are useless.