Cookie name prefix __Host- is added only when https is used

svenzik · svenzik · commit a9ab5dd09839 · 2025-06-09T08:06:13.000+02:00
WE2-967

Signed-off-by: Sven Mitt &lt;svenzik@users.noreply.github.com&gt;
diff --git a/example/src/main/resources/application.properties b/example/src/main/resources/application.properties
@@ -1,2 +1 @@
 spring.profiles.active=dev
-server.servlet.session.cookie.name=__Host-JSESSIONID
diff --git a/example/src/test/java/eu/webeid/example/config/CookieHttpTest.java b/example/src/test/java/eu/webeid/example/config/CookieHttpTest.java
@@ -0,0 +1,28 @@
+package eu.webeid.example.config;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.SessionCookieConfig;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext;
+import org.springframework.test.context.TestPropertySource;
+
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(properties = {"web-eid-auth-token.validation.local-origin=http://localhost"})
+class CookieHttpTest {
+
+    @Autowired
+    private ServletWebServerApplicationContext context;
+
+    @Test
+    void whenLocalOriginStartsWithHttp_thenCookeDoesNotHaveHostPrefix() {
+        ServletContext servletContext = context.getServletContext();
+        SessionCookieConfig cookieConfig = servletContext.getSessionCookieConfig();
+        assertThat(cookieConfig.getName()).isEqualTo("JSESSIONID");
+    }
+
+}
diff --git a/example/src/test/java/eu/webeid/example/config/CookieHttpsTest.java b/example/src/test/java/eu/webeid/example/config/CookieHttpsTest.java
@@ -0,0 +1,28 @@
+package eu.webeid.example.config;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.SessionCookieConfig;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext;
+import org.springframework.test.context.TestPropertySource;
+
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(properties = {"web-eid-auth-token.validation.local-origin=https://localhost"})
+class CookieHttpsTest {
+
+    @Autowired
+    private ServletWebServerApplicationContext context;
+
+    @Test
+    void whenLocalOriginStartsWithHttp_thenCookeDoesNotHaveHostPrefix() {
+        ServletContext servletContext = context.getServletContext();
+        SessionCookieConfig cookieConfig = servletContext.getSessionCookieConfig();
+        assertThat(cookieConfig.getName()).isEqualTo("__Host-JSESSIONID");
+    }
+
+}

Original file line number	Diff line number	Diff line change
`@@ -1,2 +1 @@`
`1`	`1`	`spring.profiles.active=dev`
`2`		`-server.servlet.session.cookie.name=__Host-JSESSIONID`