Cookie name prefix __Host- is added only when https is used

WE2-967

Signed-off-by: Sven Mitt <[email protected]>

Author: svenzik

example/src/main/resources/application.properties

@@ -1,2 +1 @@
 spring.profiles.active=dev
-server.servlet.session.cookie.name=__Host-JSESSIONID

example/src/test/java/eu/webeid/example/config/CookieHttpTest.java

@@ -0,0 +1,28 @@
+package eu.webeid.example.config;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.SessionCookieConfig;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext;
+import org.springframework.test.context.TestPropertySource;
+
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(properties = {"web-eid-auth-token.validation.local-origin=http://localhost"})
+class CookieHttpTest {
+
+    @Autowired
+    private ServletWebServerApplicationContext context;
+
+    @Test
+    void whenLocalOriginStartsWithHttp_thenCookeDoesNotHaveHostPrefix() {
+        ServletContext servletContext = context.getServletContext();
+        SessionCookieConfig cookieConfig = servletContext.getSessionCookieConfig();
+        assertThat(cookieConfig.getName()).isEqualTo("JSESSIONID");
+    }
+
+}

example/src/test/java/eu/webeid/example/config/CookieHttpsTest.java

@@ -0,0 +1,28 @@
+package eu.webeid.example.config;
+
+import static org.assertj.core.api.Assertions.assertThat;
+
+import jakarta.servlet.ServletContext;
+import jakarta.servlet.SessionCookieConfig;
+import org.junit.jupiter.api.Test;
+import org.springframework.beans.factory.annotation.Autowired;
+import org.springframework.boot.test.context.SpringBootTest;
+import org.springframework.boot.test.context.SpringBootTest.WebEnvironment;
+import org.springframework.boot.web.servlet.context.ServletWebServerApplicationContext;
+import org.springframework.test.context.TestPropertySource;
+
+@SpringBootTest(webEnvironment = WebEnvironment.RANDOM_PORT)
+@TestPropertySource(properties = {"web-eid-auth-token.validation.local-origin=https://localhost"})
+class CookieHttpsTest {
+
+    @Autowired
+    private ServletWebServerApplicationContext context;
+
+    @Test
+    void whenLocalOriginStartsWithHttp_thenCookeDoesNotHaveHostPrefix() {
+        ServletContext servletContext = context.getServletContext();
+        SessionCookieConfig cookieConfig = servletContext.getSessionCookieConfig();
+        assertThat(cookieConfig.getName()).isEqualTo("__Host-JSESSIONID");
+    }
+
+}