From 1453996265d452706efde3f5a98881641cec8f2e Mon Sep 17 00:00:00 2001 From: cuitianhao <54015884+tianhaocui@users.noreply.github.com> Date: Sun, 19 Apr 2026 01:08:09 +0800 Subject: [PATCH] Align MockHttpServletRequest.isRequestedSessionIdValid() with Servlet 6.1 Change requestedSessionIdValid field from boolean (default true) to @Nullable Boolean (default null). When not explicitly set via setRequestedSessionIdValid(), isRequestedSessionIdValid() now calculates the return value by checking if the requested session ID matches the current session's ID, aligning with the Servlet 6.1 specification. Closes gh-36631 Signed-off-by: cuitianhao <54015884+tianhaocui@users.noreply.github.com> --- .../mock/web/MockHttpServletRequest.java | 20 +++++++++++++++++-- 1 file changed, 18 insertions(+), 2 deletions(-) diff --git a/spring-test/src/main/java/org/springframework/mock/web/MockHttpServletRequest.java b/spring-test/src/main/java/org/springframework/mock/web/MockHttpServletRequest.java index e0074b2b8892..8e6dd7b8184d 100644 --- a/spring-test/src/main/java/org/springframework/mock/web/MockHttpServletRequest.java +++ b/spring-test/src/main/java/org/springframework/mock/web/MockHttpServletRequest.java @@ -250,7 +250,7 @@ public class MockHttpServletRequest implements HttpServletRequest { private @Nullable HttpSession session; - private boolean requestedSessionIdValid = true; + private @Nullable Boolean requestedSessionIdValid; private boolean requestedSessionIdFromCookie = true; @@ -1348,9 +1348,25 @@ public void setRequestedSessionIdValid(boolean requestedSessionIdValid) { this.requestedSessionIdValid = requestedSessionIdValid; } + /** + * Return whether the requested session ID is still valid. + *

If {@link #setRequestedSessionIdValid} has not been called explicitly, + * this method calculates the value based on whether the + * {@linkplain #getRequestedSessionId() requested session ID} matches the + * ID of the {@linkplain #getSession(boolean) current session}, aligning + * with the Servlet 6.1 specification. + */ @Override public boolean isRequestedSessionIdValid() { - return this.requestedSessionIdValid; + if (this.requestedSessionIdValid != null) { + return this.requestedSessionIdValid; + } + String requestedId = getRequestedSessionId(); + if (requestedId == null) { + return false; + } + HttpSession currentSession = getSession(false); + return (currentSession != null && requestedId.equals(currentSession.getId())); } public void setRequestedSessionIdFromCookie(boolean requestedSessionIdFromCookie) {