Illargs on session cookie setting

Author: Katsute

src/main/java/com/kttdevelopment/simplehttpserver/HttpSession.java

@@ -30,7 +30,7 @@ public abstract class HttpSession {
      * @return a {@link HttpSession}
      *
      * @since 02.00.00
-     * @author KTt Development
+     * @author Ktt Development
      */
     synchronized static HttpSession create(){
         return HttpSessionImpl.createHttpSession();

src/main/java/com/kttdevelopment/simplehttpserver/SimpleHttpExchange.java

@@ -320,6 +320,7 @@ static SimpleHttpExchange create(final HttpExchange exchange){
      *
      * @param key name of cookie to set
      * @param value value of cookie
+     * @throws IllegalArgumentException if the cookie name is reserved by the server
      *
      * @see SimpleHttpCookie
      * @see #setCookie(SimpleHttpCookie)
@@ -334,6 +335,7 @@ static SimpleHttpExchange create(final HttpExchange exchange){
      * Sets a cookie in the response header.
      *
      * @param cookie cookie to set
+     * @throws IllegalArgumentException if the cookie name is reserved by the server
      *
      * @see SimpleHttpCookie
      * @see #setCookie(String, String)

src/main/java/com/kttdevelopment/simplehttpserver/SimpleHttpExchangeImpl.java

@@ -316,7 +316,10 @@ public synchronized final void setCookie(final String key, final String value){
 
             @Override
             public synchronized final void setCookie(final SimpleHttpCookie cookie){
-                getResponseHeaders().add("Set-Cookie",cookie.toCookieHeaderString());
+                final String cstring = cookie.toCookieHeaderString();
+                if(cstring.startsWith("__session-id="))
+                    throw new IllegalArgumentException("The cookie '__session-id' can not be set because it is reserved by the server");
+                getResponseHeaders().add("Set-Cookie",cstring);
             }
 
         //
@@ -325,13 +328,15 @@ public synchronized final void setCookie(final SimpleHttpCookie cookie){
             public synchronized final HttpSession getHttpSession(){
                 final String sessionId;
                 final HttpSession session;
+
                 if((sessionId = cookies.get("__session-id")) == null || !HttpSession.sessions.containsKey(sessionId)){
                     session = HttpSession.create();
-                    setCookie(
+                    final SimpleHttpCookie cookie =
                         new SimpleHttpCookie.Builder("__session-id",session.getSessionID())
+                            .setPath("/")
                             .setHttpOnly(true)
-                            .build()
-                    );
+                            .build();
+                    getResponseHeaders().add("Set-Cookie",cookie.toCookieHeaderString()); // bypass implementation
                 }else{
                     session = HttpSession.sessions.get(sessionId);
                 }