in Utils/AzureAuthenticationFilter/src/main/java/com/microsoft/azure/oidc/filter/helper/impl/SimpleAuthenticationHelper.java [392:440]
/**
 * Keeps or discards the session cookie presented with the request, depending on
 * whether it is bound to the user the token was issued for.
 *
 * <p>A presented {@code SESSION} or {@code JSESSIONID} cookie is kept only when the
 * token's user ID equals the user ID held in {@code state} <em>and</em> the cookie value
 * equals {@code state.getSessionName()}. In every other case each presented session
 * cookie is expired on the response, the current {@link HttpSession} (if one exists) is
 * invalidated, and the request is returned wrapped so that {@code getCookies()} no
 * longer reports those two cookies. This prevents a session that belongs to a different
 * user, or that was not recorded in the state, from being carried into the newly
 * authenticated request.
 *
 * @param httpRequest  the incoming request; must not be null
 * @param httpResponse the response on which expired cookies are written; must not be null
 * @param token        the authenticated token; must not be null
 * @param state        the state whose user ID and session name are compared; must not be null
 * @return the original request when no session cookie was sent or the cookie is bound to
 *         this user; otherwise a wrapper whose {@code getCookies()} omits the session cookies
 * @throws PreconditionException if any argument is null
 */
private HttpServletRequest clearSessionCoookie(final HttpServletRequest httpRequest,
        final HttpServletResponse httpResponse, final Token token, final State state) {
    if (httpRequest == null || httpResponse == null || token == null || state == null) {
        throw new PreconditionException("Required parameter is null");
    }

    final Cookie redisSessionCookie = getCookie(httpRequest, "SESSION");
    final Cookie javaSessionCookie = getCookie(httpRequest, "JSESSIONID");

    // No session cookie was presented, so there is nothing to validate or clear.
    if (redisSessionCookie == null && javaSessionCookie == null) {
        return httpRequest;
    }

    // NOTE(review): token.getUserID() and the cookie values are dereferenced without a
    // null check; confirm they can never be null here, otherwise this throws a
    // NullPointerException instead of clearing the session.
    final boolean sameUser = token.getUserID().toString().equals(state.getUserID());
    final boolean sessionBoundToState = sameUser
            && ((redisSessionCookie != null
                    && redisSessionCookie.getValue().equals(state.getSessionName()))
                || (javaSessionCookie != null
                    && javaSessionCookie.getValue().equals(state.getSessionName())));
    if (sessionBoundToState) {
        return httpRequest;
    }

    // The presented session is not the one recorded for this user: expire each cookie
    // that was sent and drop the server-side session.
    // NOTE(review): the cookies are re-sent as received, with only Max-Age changed; no
    // Path, Domain, Secure or HttpOnly attribute is set in this method. Confirm that the
    // resulting Set-Cookie matches the attributes the cookie was issued with, otherwise
    // the browser may keep the original cookie.
    final Cookie[] presentedCookies = { redisSessionCookie, javaSessionCookie };
    for (final Cookie presented : presentedCookies) {
        if (presented == null) {
            continue;
        }
        presented.setMaxAge(0);
        httpResponse.addCookie(presented);
        final HttpSession existing = httpRequest.getSession(false);
        if (existing != null) {
            existing.invalidate();
        }
    }

    // Hide the discarded cookies from downstream code. Only getCookies() is overridden;
    // other accessors (for example getHeader("Cookie") or getRequestedSessionId()) still
    // delegate to the wrapped request.
    return new HttpServletRequestWrapper(httpRequest) {
        @Override
        public Cookie[] getCookies() {
            final List<Cookie> kept = new ArrayList<Cookie>();
            for (final Cookie candidate : httpRequest.getCookies()) {
                final String cookieName = candidate.getName();
                if (cookieName.equals("SESSION") || cookieName.equals("JSESSIONID")) {
                    continue;
                }
                kept.add(candidate);
            }
            return kept.toArray(new Cookie[kept.size()]);
        }
    };
}