From 30f77f0ef285ccfba5dcec31c5b63d63d504ce6a Mon Sep 17 00:00:00 2001
From: Thomas <>
Date: Thu, 23 May 2024 16:21:38 +0200
Subject: fix(core): enable re-setting of already existing security HTTP
 cookies

---
 .../core/impl/idp/validation/CookieBasedRequestValidator.java     | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
index 4b69d17b..a0a3f793 100644
--- a/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
+++ b/eaaf_core/src/main/java/at/gv/egiz/eaaf/core/impl/idp/validation/CookieBasedRequestValidator.java
@@ -29,14 +29,16 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
       @Nonnull final IRequest pendingReq) throws EaafSecurityException {
     try {
       log.debug("Injecting authentication-process HTTP cookie ... ");
-      String authProcessIdentifier = UUID.randomUUID().toString();
+      String storedAuthProcessIdentifier = pendingReq.getRawData(HTTP_COOKIE_SEC, String.class);
+      String authProcessIdentifier = StringUtils.isNotEmpty(storedAuthProcessIdentifier)
+          ? storedAuthProcessIdentifier
+          : UUID.randomUUID().toString();
       httpResponse.addCookie(generatePendingRequestIdCookie(authProcessIdentifier, pendingReq));
       pendingReq.setRawDataToTransaction(HTTP_COOKIE_SEC, authProcessIdentifier);
 
     } catch (MalformedURLException | EaafStorageException e) {
       throw new EaafSecurityException("process.81", e);
     }
-
   }
 
   @Override
@@ -53,7 +55,7 @@ public class CookieBasedRequestValidator implements IHttpRequestValidator {
       } else {
         log.info("Stored authentication-process-Id:{} does not match to Id from HTTP cookie:{}",
             storedAuthProcessIdentifier,
-            authProcessIdentifier != null ? authProcessIdentifier.toString() : " ---no cookie---");
+            authProcessIdentifier != null ? authProcessIdentifier.getValue() : " ---no cookie---");
         throw new EaafSecurityException("process.80");
         
       }
-- 
cgit v1.2.3