From e377dcf81ba3cc8cb6f5fcab45defdf7278c355a Mon Sep 17 00:00:00 2001
From: Rob Winch <rwinch@users.noreply.github.com>
Date: Tue, 21 Nov 2017 16:55:05 -0600
Subject: [PATCH] Make SessionManagementConfigTests deterministic

Fixes: gh-4871
---
 .../security/config/http/SessionManagementConfigTests.groovy | 5 ++---
 1 file changed, 2 insertions(+), 3 deletions(-)

diff --git a/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy b/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
index 56be20884a..a4e2e6748c 100644
--- a/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
+++ b/config/src/test/groovy/org/springframework/security/config/http/SessionManagementConfigTests.groovy
@@ -394,7 +394,6 @@ class SessionManagementConfigTests extends AbstractHttpConfigTests {
 	def 'session-fixation-protection=migrateSession'() {
 		setup:
 		MockHttpServletRequest request = new MockHttpServletRequest(method:'POST')
-		request.session.id = '123'
 		request.setParameter('username', 'user')
 		request.setParameter('password', 'password')
 		request.servletPath = '/login'
@@ -406,13 +405,13 @@ class SessionManagementConfigTests extends AbstractHttpConfigTests {
 			csrf(disabled:true)
 		}
 		createAppContext()
-		request.session.id = '123'
+		String originalId = request.session.id
 
 		when:
 		springSecurityFilterChain.doFilter(request,response, chain)
 
 		then:
-		request.session.id != '123'
+		request.session.id != originalId
 	}
 
 	def disablingSessionProtectionRetainsSessionManagementFilterInvalidSessionUrlSet() {