search

sahaya / rest-assured

Automatically exported from code.google.com/p/rest-assured
0 stars 0 forks source link

Session cookie for authentication is lost in 303 redirect #242

Closed GoogleCodeExporter closed 9 years ago

GoogleCodeExporter commented 9 years ago 
What steps will reproduce the problem?

1. Write a test with a FormAuthentication

RestAssured.authentication = form("myuser", "secret", new 
FormAuthConfig("/authenticate", "username", "password"));

2. Test with a login method that sets a session cookie and redirects to another 
resource with a 303.

// Play Framework 2.0 controller
    session().put("username", username);
    return redirect(routes.Application.index());

3. In the next request the session cookie is lost and the user is not 
authenticated anymore.

If I change the redirect to a 302 found response, the behavior is correct and 
the cookie is not lost.

For my tests I used 1.7 as well as 1.8.0.

Original issue reported on code.google.com by tilmanpo...@googlemail.com on 5 Jun 2013 at 3:30

GoogleCodeExporter commented 9 years ago 
See this blog 
http://www.jayway.com/2012/10/17/what-you-may-not-know-about-http-redirects/

Original comment by johan.ha...@gmail.com on 19 Nov 2013 at 6:41