io.undertow.servlet.spec

Class SessionCookieConfigImpl

java.lang.Object

io.undertow.servlet.spec.SessionCookieConfigImpl

All Implemented Interfaces:

SessionConfig, SessionCookieConfig

public class SessionCookieConfigImpl
extends Object
implements SessionCookieConfig, SessionConfig

Author:

Stuart Douglas

Nested Class Summary

Nested classes/interfaces inherited from interface io.undertow.server.session.SessionConfig

SessionConfig.SessionCookieSource

Field Summary

Fields inherited from interface io.undertow.server.session.SessionConfig

ATTACHMENT_KEY

Constructor Summary

Constructors

Constructor and Description
SessionCookieConfigImpl(ServletContextImpl servletContext)

Method Summary

Modifier and Type	Method and Description
void	clearSession(HttpServerExchange exchange, String sessionId) Clears this session from the exchange, removing the attachment and making any changes to the response necessary, such as clearing cookies.
String	findSessionId(HttpServerExchange exchange) Retrieves a session id of an existing session from an exchange.
String	getComment() Gets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
String	getDomain() Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
SessionConfig	getFallback()
int	getMaxAge() Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
String	getName() Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
String	getPath() Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
boolean	isHttpOnly() Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.
boolean	isSecure() Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
String	rewriteUrl(String originalUrl, String sessionid)
SessionConfig.SessionCookieSource	sessionCookieSource(HttpServerExchange exchange)
void	setComment(String comment) Sets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setDomain(String domain) Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setFallback(SessionConfig fallback)
void	setHttpOnly(boolean httpOnly) Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.
void	setMaxAge(int maxAge) Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setName(String name) Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setPath(String path) Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setSecure(boolean secure) Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.
void	setSessionId(HttpServerExchange exchange, String sessionId) Attaches the session to the exchange.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SessionCookieConfigImpl

public SessionCookieConfigImpl(ServletContextImpl servletContext)

Method Detail

rewriteUrl

public String rewriteUrl(String originalUrl,
                         String sessionid)

Specified by:

rewriteUrl in interface SessionConfig

setSessionId

public void setSessionId(HttpServerExchange exchange,
                         String sessionId)

Description copied from interface: SessionConfig

Attaches the session to the exchange. The method should attach the exchange under an attachment key, and should also modify the exchange to allow the session to be re-attached on the next request.

Generally this will involve setting a cookie

Once a session has been attached it must be possible to retrieve it via SessionConfig.findSessionId(io.undertow.server.HttpServerExchange)

Specified by:

setSessionId in interface SessionConfig

Parameters:

exchange - The exchange

sessionId - The session

clearSession

public void clearSession(HttpServerExchange exchange,
                         String sessionId)

Description copied from interface: SessionConfig

Clears this session from the exchange, removing the attachment and making any changes to the response necessary, such as clearing cookies.

Specified by:

clearSession in interface SessionConfig

Parameters:

exchange - The exchange

sessionId - The session id

findSessionId

public String findSessionId(HttpServerExchange exchange)

Description copied from interface: SessionConfig

Retrieves a session id of an existing session from an exchange.

Specified by:

findSessionId in interface SessionConfig

Parameters:

exchange - The exchange

Returns:

The session id, or null

sessionCookieSource

public SessionConfig.SessionCookieSource sessionCookieSource(HttpServerExchange exchange)

Specified by:

sessionCookieSource in interface SessionConfig

getName

public String getName()

Description copied from interface: SessionCookieConfig

Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

By default, JSESSIONID will be used as the cookie name.

Specified by:

getName in interface SessionCookieConfig

Returns:

the cookie name set via SessionCookieConfig.setName(java.lang.String), or null if SessionCookieConfig.setName(java.lang.String) was never called

See Also:

Cookie.getName()

setName

public void setName(String name)

Description copied from interface: SessionCookieConfig

Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.

Specified by:

setName in interface SessionCookieConfig

Parameters:

name - the cookie name to use

getDomain

public String getDomain()

Description copied from interface: SessionCookieConfig

Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Specified by:

getDomain in interface SessionCookieConfig

Returns:

the cookie domain set via SessionCookieConfig.setDomain(java.lang.String), or null if SessionCookieConfig.setDomain(java.lang.String) was never called

See Also:

Cookie.getDomain()

setDomain

public void setDomain(String domain)

Description copied from interface: SessionCookieConfig

Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Specified by:

setDomain in interface SessionCookieConfig

Parameters:

domain - the cookie domain to use

See Also:

Cookie.setDomain(String)

getPath

public String getPath()

Description copied from interface: SessionCookieConfig

Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

By default, the context path of the ServletContext from which this SessionCookieConfig was acquired will be used.

Specified by:

getPath in interface SessionCookieConfig

Returns:

the cookie path set via SessionCookieConfig.setPath(java.lang.String), or null if SessionCookieConfig.setPath(java.lang.String) was never called

See Also:

Cookie.getPath()

setPath

public void setPath(String path)

Description copied from interface: SessionCookieConfig

Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Specified by:

setPath in interface SessionCookieConfig

Parameters:

path - the cookie path to use

See Also:

Cookie.setPath(String)

getComment

public String getComment()

Description copied from interface: SessionCookieConfig

Gets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Specified by:

getComment in interface SessionCookieConfig

Returns:

the cookie comment set via SessionCookieConfig.setComment(java.lang.String), or null if SessionCookieConfig.setComment(java.lang.String) was never called

See Also:

Cookie.getComment()

setComment

public void setComment(String comment)

Description copied from interface: SessionCookieConfig

Sets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

As a side effect of this call, the session tracking cookies will be marked with a Version attribute equal to 1.

Specified by:

setComment in interface SessionCookieConfig

Parameters:

comment - the cookie comment to use

See Also:

Cookie.setComment(String), Cookie.getVersion()

isHttpOnly

public boolean isHttpOnly()

Description copied from interface: SessionCookieConfig

Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.

Specified by:

isHttpOnly in interface SessionCookieConfig

Returns:

true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly, false otherwise

See Also:

Cookie.isHttpOnly()

setHttpOnly

public void setHttpOnly(boolean httpOnly)

Description copied from interface: SessionCookieConfig

Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.

A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

Specified by:

setHttpOnly in interface SessionCookieConfig

Parameters:

httpOnly - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as HttpOnly, false otherwise

See Also:

Cookie.setHttpOnly(boolean)

isSecure

public boolean isSecure()

Description copied from interface: SessionCookieConfig

Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.

Specified by:

isSecure in interface SessionCookieConfig

Returns:

true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they will be marked as secure only if the request that initiated the corresponding session was also secure

See Also:

Cookie.getSecure(), ServletRequest.isSecure()

setSecure

public void setSecure(boolean secure)

Description copied from interface: SessionCookieConfig

Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.

One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.

Specified by:

setSecure in interface SessionCookieConfig

Parameters:

secure - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they shall be marked as secure only if the request that initiated the corresponding session was also secure

See Also:

Cookie.setSecure(boolean), ServletRequest.isSecure()

getMaxAge

public int getMaxAge()

Description copied from interface: SessionCookieConfig

Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

By default, -1 is returned.

Specified by:

getMaxAge in interface SessionCookieConfig

Returns:

the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired, or -1 (the default)

See Also:

Cookie.getMaxAge()

setMaxAge

public void setMaxAge(int maxAge)

Description copied from interface: SessionCookieConfig

Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Specified by:

setMaxAge in interface SessionCookieConfig

Parameters:

maxAge - the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

See Also:

Cookie.setMaxAge(int)

getFallback

public SessionConfig getFallback()

setFallback

public void setFallback(SessionConfig fallback)