You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There are a couple of different strategies available to users for performing session fixation. One such, ChangeSessionIdSessionAuthenticationStrategy, requires a method only available on HttpServletRequest since Servlet 3.1.
Because of this, its constructor checks for the existence of that method and throws an exception otherwise.
Now that the Spring Framework baseline is Servlet 3.1, that check is no longer necessary.
This commit removes existence validation of a method only available in Servlet 3.1.
Spring Framework baseline is Servlet 3.1 so is not longer required.
Fixes: spring-projectsgh-6259
When using AssertJ, it's easy to commit the following error
assertThat(some boolean condition)
The above actually does nothing. It at least needs to be
assertThat(some boolean condition).isTrue()
This commit refines some assertions that were missing a verify
condition.
Also, one Javadoc was just a little bit confusing, so this
clarifies it.
Issue: gh-6259
Related to #6220
There are a couple of different strategies available to users for performing session fixation. One such,
ChangeSessionIdSessionAuthenticationStrategy
, requires a method only available onHttpServletRequest
since Servlet 3.1.Because of this, its constructor checks for the existence of that method and throws an exception otherwise.
Now that the Spring Framework baseline is Servlet 3.1, that check is no longer necessary.
Also, the corresponding
try/catch
inSessionManagementConfigurer
and the corresponding conditional inHttpConfigurationBuilder
are no longer necessary.Of course, this also means that tests that confirm this behavior can also be removed.
The text was updated successfully, but these errors were encountered: