utils: fix invalid JSESSIONID cookie in https setup (apache#9856)

* utils: fix invalid JSESSIONID cookie in https setup

When enable.secure.session.cookie is set to true, use cannot login with error
```
    2024-10-25T09:03:33,898 DEBUG [c.c.u.HttpUtils] (qtp384617262-21:[ctx-a3ee3670]) (logid:7c5bfd8d) jsessionidFromCookie = node017ygldpe44nub1frmqafsj0qmc18
    2024-10-25T09:03:33,898 DEBUG [c.c.u.HttpUtils] (qtp384617262-21:[ctx-a3ee3670]) (logid:7c5bfd8d) session.getId() = node017ygldpe44nub1frmqafsj0qmc18
    2024-10-25T09:03:33,898 ERROR [c.c.u.HttpUtils] (qtp384617262-21:[ctx-a3ee3670]) (logid:7c5bfd8d) JSESSIONID from cookie is invalid.
```

* pr9856 option 2: check only if jsessionid is not null

Author: weizhouapache

utils/src/main/java/com/cloud/utils/HttpUtils.java

@@ -117,8 +117,8 @@ public static boolean validateSessionKey(final HttpSession session, final Map<St
             return false;
         }
         final String jsessionidFromCookie = HttpUtils.findCookie(cookies, "JSESSIONID");
-        if (jsessionidFromCookie == null
-                || !(jsessionidFromCookie.startsWith(session.getId() + '.'))) {
+        if (jsessionidFromCookie != null
+                && !(jsessionidFromCookie.equals(session.getId()) || jsessionidFromCookie.startsWith(session.getId() + '.'))) {
             LOGGER.error("JSESSIONID from cookie is invalid.");
             return false;
         }

utils/src/test/java/com/cloud/utils/HttpUtilsTest.java

@@ -74,7 +74,7 @@ public void validateSessionKeyTest() {
         params = null;
         cookies = new Cookie[]{new Cookie(sessionKeyString, sessionKeyValue)};
         assertFalse(HttpUtils.validateSessionKey(session, params, cookies, "randomString", HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // param null, cookies not null test (JSESSIONID is not null and matches)
         cookies = new Cookie[2];
@@ -95,7 +95,7 @@ public void validateSessionKeyTest() {
         cookies = null;
         assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // both param and cookies not null test (JSESSIONID is null)
         params = new HashMap<String, Object[]>();
@@ -104,7 +104,7 @@ public void validateSessionKeyTest() {
         params.put(sessionKeyString, new String[]{"incorrectValue"});
         assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
         params.put(sessionKeyString, new String[]{sessionKeyValue});
-        assertFalse(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
+        assertTrue(HttpUtils.validateSessionKey(session, params, cookies, sessionKeyString, HttpUtils.ApiSessionKeyCheckOption.CookieOrParameter));
 
         // both param and cookies not null test (JSESSIONID is not null but mismatches)
         params = new HashMap<String, Object[]>();