Log if state gets overwritten after successful login

Valentin Brückel · Valentin Brückel · commit 7a1acafd03e1 · 2025-05-07T17:41:40.000+02:00
diff --git a/core/src/main/java/com/predic8/membrane/core/interceptor/oauth2client/rf/OAuth2CallbackRequestHandler.java b/core/src/main/java/com/predic8/membrane/core/interceptor/oauth2client/rf/OAuth2CallbackRequestHandler.java
@@ -111,6 +111,9 @@ public boolean handleRequest(Exchange exc, Session session) throws Exception {
             }
 
             // state in session can be "merged" -> save the selected state in session overwriting the possibly merged value
+            if (!(session.get(ParamNames.STATE).equals(stateFromUri))) {
+                log.warn("Replacing saved state '{}' with '{}'", session.get(ParamNames.STATE), stateFromUri);
+            }
             session.put(ParamNames.STATE, stateFromUri);
 
             AbstractExchangeSnapshot originalRequest = originalExchangeStore.reconstruct(exc, session, stateFromUri);

Original file line number	Diff line number	Diff line change
`@@ -111,6 +111,9 @@ public boolean handleRequest(Exchange exc, Session session) throws Exception {`
`111`	`111`	`}`
`112`	`112`
`113`	`113`	`// state in session can be "merged" -> save the selected state in session overwriting the possibly merged value`
	`114`	`+ if (!(session.get(ParamNames.STATE).equals(stateFromUri))) {`
	`115`	`+ log.warn("Replacing saved state '{}' with '{}'", session.get(ParamNames.STATE), stateFromUri);`
	`116`	`+ }`
`114`	`117`	`session.put(ParamNames.STATE, stateFromUri);`
`115`	`118`
`116`	`119`	`AbstractExchangeSnapshot originalRequest = originalExchangeStore.reconstruct(exc, session, stateFromUri);`