
Commit f476f10

authored
oidc: handle session invalidation errors (#1239)
Improve the handling of session invalidation errors. Useful in multi-server setups when the session cookie is loaded on a different server than the one that created it.
1 parent a84e292 commit f476f10


1 file changed

+12
-3
lines changed


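--- a/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcCallbackFilter.java
+++ b/server/plugins/oidc/src/main/java/com/walmartlabs/concord/server/plugins/oidc/OidcCallbackFilter.java
@@ -30,6 +30,7 @@
 import javax.servlet.ServletResponse;
 import javax.servlet.http.HttpServletRequest;
 import javax.servlet.http.HttpServletResponse;
+import javax.servlet.http.HttpSession;
 import java.io.IOException;
 
 public class OidcCallbackFilter implements Filter {
@@ -87,7 +88,7 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 
 if (code == null || state == null || !state.equals(expectedState)) {
 log.warn("Invalid callback parameters: code={}, state={}, expectedState={}", code != null, state, expectedState);
-session.invalidate();
+invalidateOrWarn(session);
 resp.sendRedirect(resp.encodeRedirectURL(OidcAuthFilter.URL + "?from=" + postLoginUrl));
 return;
 }
@@ -103,9 +104,17 @@ public void doFilter(ServletRequest request, ServletResponse response, FilterCha
 resp.sendRedirect(resp.encodeRedirectURL(postLoginUrl));
 
 } catch (Exception e) {
-log.warn("OIDC callback error: {}", e.getMessage());
-session.invalidate();
+log.warn("OIDC callback error", e);
+invalidateOrWarn(session);
 resp.sendRedirect(resp.encodeRedirectURL(OidcAuthFilter.URL + "?from=" + postLoginUrl));
 }
 }
+
+private static void invalidateOrWarn(HttpSession session) {
+try {
+session.invalidate();
+} catch (Exception e) {
+log.warn("Unable to invalidate the session", e);
+}
+}
 }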
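Review bot: `invalidateOrWarn` catches `Exception`, so every failure of `session.invalidate()` is reduced to a warning and both callers go on to redirect, including failures where the session may still be live and may still hold the stored login state. The Servlet API documents only `IllegalStateException` (session already invalidated) for this call, which looks like the benign multi-server case the commit message describes; narrowing the handler to `} catch (IllegalStateException e) {` keeps that case quiet and lets unexpected errors surface. A one-line Javadoc on the helper saying that an already-invalid session is the expected, ignorable case would record that intent. `doFilter` starts outside the visible hunks, so how `session` is obtained, and whether the session manager in use can throw other exception types here, should be confirmed before narrowing.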
