Merge pull request #5722 from govuk-one-login/ATO-1331/add-browserses…

…sionid-to-orchsessionitem ATO-1331: Add browserSessionId to OrchSessionItem
govuk-one-login · Jan 13, 2025 · 4fc0337 · 4fc0337
2 parents ec988c8 + 95722af
commit 4fc0337
Show file tree

Hide file tree

Showing 4 changed files with 170 additions and 70 deletions.
diff --git a/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandler.java b/oidc-api/src/main/java/uk/gov/di/authentication/oidc/lambda/AuthorisationHandler.java
@@ -616,9 +616,10 @@ private APIGatewayProxyResponseEvent handleAuthJourney(
         Optional<String> existingSessionId = existingSession.map(Session::getSessionId);
 
         if (existingSession.isEmpty() || existingOrchSessionOptional.isEmpty()) {
-            session = sessionService.generateSession();
-            var newSessionId = session.getSessionId();
-            orchSession = createNewOrchSession(newSessionId);
+            var newSessionId = IdGenerator.generate();
+            var newBrowserSessionId = IdGenerator.generate();
+            session = sessionService.generateSession(newSessionId, newBrowserSessionId);
+            orchSession = createNewOrchSession(newSessionId, newBrowserSessionId);
             LOG.info("Created session with id: {}", newSessionId);
         } else {
             var maxAgeParam = getMaxAge(authenticationRequest);
@@ -634,14 +635,18 @@ && maxAgeExpired(
                             timeNow)) {
                 var newSessionIdForPreviousSession = IdGenerator.generate();
                 var newSessionId = IdGenerator.generate();
+                var newBrowserSessionId = IdGenerator.generate();
                 session =
                         updateSharedSessionDueToMaxAgeExpiry(
                                 existingSession.get(),
                                 newSessionIdForPreviousSession,
-                                newSessionId);
+                                newSessionId,
+                                newBrowserSessionId);
+
                 orchSession =
                         updateOrchSessionDueToMaxAgeExpiry(
                                 newSessionId,
+                                newBrowserSessionId,
                                 existingOrchSessionOptional.get(),
                                 timeNow,
                                 newSessionIdForPreviousSession);
@@ -670,6 +675,11 @@ && maxAgeExpired(
                         session.getSessionId());
             }
         }
+        var browserSessionIdsMatch =
+                Objects.equals(session.getBrowserSessionId(), orchSession.getBrowserSessionId());
+        LOG.info(
+                "Orch session and shared session {}have the same browserSessionId",
+                !browserSessionIdsMatch ? "do not " : "");
 
         attachSessionIdToLogs(session);
         attachOrchSessionIdToLogs(orchSession.getSessionId());
@@ -702,8 +712,9 @@ && maxAgeExpired(
                 orchSession);
     }
 
-    private OrchSessionItem createNewOrchSession(String sessionId) {
-        var newOrchSessionItem = new OrchSessionItem(sessionId);
+    private OrchSessionItem createNewOrchSession(String sessionId, String browserSessionId) {
+        var newOrchSessionItem =
+                new OrchSessionItem(sessionId).withBrowserSessionId(browserSessionId);
         orchSessionService.addSession(newOrchSessionItem);
         LOG.info("Created new Orch session with session ID: {}", sessionId);
         return newOrchSessionItem;
@@ -726,6 +737,7 @@ private OrchSessionItem updateOrchSession(
 
     private OrchSessionItem updateOrchSessionDueToMaxAgeExpiry(
             String newSessionId,
+            String newBrowserSessionId,
             OrchSessionItem previousSession,
             long timeNow,
             String newSessionIdForPreviousSession) {
@@ -739,6 +751,7 @@ private OrchSessionItem updateOrchSessionDueToMaxAgeExpiry(
         OrchSessionItem newSession =
                 new OrchSessionItem(previousSession)
                         .withSessionId(newSessionId)
+                        .withBrowserSessionId(newBrowserSessionId)
                         .withTimeToLive(timeNow + configurationService.getSessionExpiry())
                         .withCurrentCredentialStrength(null)
                         .withAuthenticated(false)
@@ -749,9 +762,14 @@ private OrchSessionItem updateOrchSessionDueToMaxAgeExpiry(
     }
 
     private Session updateSharedSessionDueToMaxAgeExpiry(
-            Session previousSession, String newSessionIdForPreviousSession, String newSessionId) {
+            Session previousSession,
+            String newSessionIdForPreviousSession,
+            String newSessionId,
+            String newBrowserSessionId) {
         sessionService.updateWithNewSessionId(previousSession, newSessionIdForPreviousSession);
-        var newSession = sessionService.copySessionForMaxAge(previousSession, newSessionId);
+        var newSession =
+                sessionService.copySessionForMaxAge(
+                        previousSession, newSessionId, newBrowserSessionId);
         sessionService.storeOrUpdateSession(newSession);
         return newSession;
     }