micronaut-security

Unhandled exception in case of malformed session cookie (server returns 500 Internal Server Error)

Open mancze opened this issue 1 year ago • 0 comments

Expected Behavior

Micronaut server should not return 500 Internal Server Error in case of a malformed session cookie in the request. It is an incorrectly formatted request, which should be categorized as 4xx.

Actual Behaviour

A 500 Internal Server Error response is sent because of an unhandled exception:

Unexpected error occurred: Illegal base64 character 5f
java.lang.IllegalArgumentException: Illegal base64 character 5f
	at java.base/java.util.Base64$Decoder.decode0(Base64.java:847)
	at java.base/java.util.Base64$Decoder.decode(Base64.java:566)
	at java.base/java.util.Base64$Decoder.decode(Base64.java:589)
	at io.micronaut.session.http.CookieHttpSessionIdGenerator.sessionIdFromCookie(CookieHttpSessionIdGenerator.java:77)
	at io.micronaut.session.http.CookieHttpSessionStrategy.resolveIds(CookieHttpSessionStrategy.java:78)
	at io.micronaut.session.http.HttpSessionFilter.doFilter(HttpSessionFilter.java:85)
	at io.micronaut.http.filter.HttpServerFilter.doFilter(HttpServerFilter.java:48)

Steps To Reproduce

  • Run ApplicationTest in the example application

Environment Information

No response

Example Application

https://github.com/mancze/micronaut-sandbox/commit/9980567f6e6b32b2e71f8d3f42c07b25a78282e6

Version

4.5.0

mancze, Aug 01 '24 14:08
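The failure mode reported above, shown next to a hardened decode, as an added example that is not Micronaut's code or part of the original issue. The class and method names are hypothetical, and the use of the basic `Base64.getDecoder()` is an assumption, chosen because it is the decoder that rejects `_` (0x5f) as the trace shows.

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;
import java.util.Optional;

// Hypothetical stand-alone class; not part of micronaut-session.
public class SessionCookieDecodeExample {

    // Same pattern as the frame in the trace: decode() throws
    // IllegalArgumentException on any character outside the Base64 alphabet,
    // and nothing between the filter and the client catches it.
    static String decodeUnchecked(String cookieValue) {
        return new String(Base64.getDecoder().decode(cookieValue), StandardCharsets.UTF_8);
    }

    // Hardened form: the cookie is client-controlled input, so a decode
    // failure is reported as "no usable session id" instead of propagating.
    static Optional<String> decodeChecked(String cookieValue) {
        if (cookieValue == null || cookieValue.isEmpty()) {
            return Optional.empty();
        }
        try {
            byte[] raw = Base64.getDecoder().decode(cookieValue);
            return Optional.of(new String(raw, StandardCharsets.UTF_8));
        } catch (IllegalArgumentException e) {
            // Malformed Base64: the caller decides between a 4xx response
            // and treating the request as having no session.
            return Optional.empty();
        }
    }

    public static void main(String[] args) {
        // Constructed sample values, not taken from the issue.
        String valid = Base64.getEncoder()
                .encodeToString("session-1234".getBytes(StandardCharsets.UTF_8));
        String malformed = "abc_def"; // '_' is 0x5f, illegal for the basic decoder

        System.out.println("valid     -> " + decodeChecked(valid));
        System.out.println("malformed -> " + decodeChecked(malformed));

        try {
            decodeUnchecked(malformed);
        } catch (IllegalArgumentException e) {
            // Without the guard, this exception is what surfaces as the 500.
            System.out.println("unchecked -> " + e.getMessage());
        }
    }
}
```

An empty result from `decodeChecked` lets the caller map the bad cookie to a client-error response or ignore it, which keeps malformed client input out of the server-error path and out of 5xx alerting.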