search

ninjaframework / ninja

Ninja is a full stack web framework for Java. Rock solid, fast and super productive.
http://www.ninjaframework.org
Apache License 2.0
1.91k stars 518 forks source link

Cookie domain is not set when clearing session #462

Closed cbxp closed 6 years ago

cbxp commented 8 years ago

Currently, when calling Session#clear, cookie domain is not set when it was set previously, thus cookie is not deleted in the client.

Here's how to reproduce it:

1) Configure cookie domain

# conf/application.conf
application.cookie.domain=cookie-domain.com

2) Create a session

session.put("foo", "bar");

3) Clear session

session.clear();

Expected: Cookie is deleted in the browser.

Actual: Cookie is not deleted because cookie domain is not set when "clearing" cookie.

We are using currently version 5.2.2, but it also seems to exist in master (didn't verify yet): https://github.com/ninjaframework/ninja/blob/develop/ninja-core/src/main/java/ninja/session/SessionImpl.java#L223-L235

raphaelbauer commented 8 years ago

Very nice report - that's absolutely true and a bug! We'll fix that asap...

raphaelbauer commented 8 years ago

Hey @cbxp - could you check that https://github.com/ninjaframework/ninja/pull/463 fixes the issue? Thanks!