public class SessionCookieConfigImpl extends Object implements SessionCookieConfig, SessionConfig
SessionConfig.SessionCookieSourceATTACHMENT_KEY| Constructor and Description |
|---|
SessionCookieConfigImpl(ServletContextImpl servletContext) |
| Modifier and Type | Method and Description |
|---|---|
void |
clearSession(HttpServerExchange exchange,
String sessionId)
Clears this session from the exchange, removing the attachment and making any changes to the response necessary,
such as clearing cookies.
|
String |
findSessionId(HttpServerExchange exchange)
Retrieves a session id of an existing session from an exchange.
|
String |
getComment()
Gets the comment that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
String |
getDomain()
Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
SessionConfig |
getFallback() |
int |
getMaxAge()
Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented
by the ServletContext from which this SessionCookieConfig was acquired.
|
String |
getName()
Gets the name that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
String |
getPath()
Gets the path that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
boolean |
isHttpOnly()
Checks if the session tracking cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig was acquired will be marked as
HttpOnly.
|
boolean |
isSecure()
Checks if the session tracking cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig was acquired will be marked as secure
even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
|
String |
rewriteUrl(String originalUrl,
String sessionid) |
SessionConfig.SessionCookieSource |
sessionCookieSource(HttpServerExchange exchange) |
void |
setComment(String comment)
Sets the comment that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
void |
setDomain(String domain)
Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
void |
setFallback(SessionConfig fallback) |
void |
setHttpOnly(boolean httpOnly)
Marks or unmarks the session tracking cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig was acquired as HttpOnly.
|
void |
setMaxAge(int maxAge)
Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented
by the ServletContext from which this SessionCookieConfig was acquired.
|
void |
setName(String name)
Sets the name that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
void |
setPath(String path)
Sets the path that will be assigned to any session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was acquired.
|
void |
setSecure(boolean secure)
Marks or unmarks the session tracking cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig was acquired as secure.
|
void |
setSessionId(HttpServerExchange exchange,
String sessionId)
Attaches the session to the exchange.
|
public SessionCookieConfigImpl(ServletContextImpl servletContext)
public String rewriteUrl(String originalUrl, String sessionid)
rewriteUrl in interface SessionConfigpublic void setSessionId(HttpServerExchange exchange, String sessionId)
SessionConfigGenerally this will involve setting a cookie
Once a session has been attached it must be possible to retrieve it via
SessionConfig.findSessionId(io.undertow.server.HttpServerExchange)
setSessionId in interface SessionConfigexchange - The exchangesessionId - The sessionpublic void clearSession(HttpServerExchange exchange, String sessionId)
SessionConfigclearSession in interface SessionConfigexchange - The exchangesessionId - The session idpublic String findSessionId(HttpServerExchange exchange)
SessionConfigfindSessionId in interface SessionConfigexchange - The exchangepublic SessionConfig.SessionCookieSource sessionCookieSource(HttpServerExchange exchange)
sessionCookieSource in interface SessionConfigpublic String getName()
SessionCookieConfigBy default, JSESSIONID will be used as the cookie name.
getName in interface SessionCookieConfigSessionCookieConfig.setName(java.lang.String), or null if SessionCookieConfig.setName(java.lang.String) was never calledCookie.getName()public void setName(String name)
SessionCookieConfigNOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.
setName in interface SessionCookieConfigname - the cookie name to usepublic String getDomain()
SessionCookieConfiggetDomain in interface SessionCookieConfigSessionCookieConfig.setDomain(java.lang.String), or null if SessionCookieConfig.setDomain(java.lang.String) was never calledCookie.getDomain()public void setDomain(String domain)
SessionCookieConfigsetDomain in interface SessionCookieConfigdomain - the cookie domain to useCookie.setDomain(String)public String getPath()
SessionCookieConfigBy default, the context path of the ServletContext from which this SessionCookieConfig was acquired will be used.
getPath in interface SessionCookieConfigSessionCookieConfig.setPath(java.lang.String), or null if SessionCookieConfig.setPath(java.lang.String) was never calledCookie.getPath()public void setPath(String path)
SessionCookieConfigsetPath in interface SessionCookieConfigpath - the cookie path to useCookie.setPath(String)public String getComment()
SessionCookieConfiggetComment in interface SessionCookieConfigSessionCookieConfig.setComment(java.lang.String), or null if SessionCookieConfig.setComment(java.lang.String) was never calledCookie.getComment()public void setComment(String comment)
SessionCookieConfig
As a side effect of this call, the session tracking cookies will be marked with a Version attribute
equal to 1.
setComment in interface SessionCookieConfigcomment - the cookie comment to useCookie.setComment(String),
Cookie.getVersion()public boolean isHttpOnly()
SessionCookieConfigisHttpOnly in interface SessionCookieConfigCookie.isHttpOnly()public void setHttpOnly(boolean httpOnly)
SessionCookieConfigA cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.
setHttpOnly in interface SessionCookieConfighttpOnly - true if the session tracking cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig was acquired shall be marked
as HttpOnly, false otherwiseCookie.setHttpOnly(boolean)public boolean isSecure()
SessionCookieConfigisSecure in interface SessionCookieConfigCookie.getSecure(),
ServletRequest.isSecure()public void setSecure(boolean secure)
SessionCookieConfigOne use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.
setSecure in interface SessionCookieConfigsecure - true if the session tracking cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig was acquired shall be marked
as secure even if the request that initiated the corresponding session is using plain HTTP
instead of HTTPS, and false if they shall be marked as secure only if the request that
initiated the corresponding session was also secureCookie.setSecure(boolean),
ServletRequest.isSecure()public int getMaxAge()
SessionCookieConfigBy default, -1 is returned.
getMaxAge in interface SessionCookieConfigCookie.getMaxAge()public void setMaxAge(int maxAge)
SessionCookieConfigsetMaxAge in interface SessionCookieConfigmaxAge - the lifetime (in seconds) of the session tracking cookies created on behalf of the application
represented by the ServletContext from which this SessionCookieConfig was
acquired.Cookie.setMaxAge(int)public SessionConfig getFallback()
public void setFallback(SessionConfig fallback)
Copyright © 2019 JBoss by Red Hat. All rights reserved.