javax.servlet

Interface SessionCookieConfig

All Known Implementing Classes:

SessionCookieConfigImpl

public interface SessionCookieConfig

Class that may be used to configure various properties of cookies used for session tracking purposes.

An instance of this class is acquired by a call to ServletContext.getSessionCookieConfig().

Since:

Servlet 3.0

Method Summary

Modifier and Type	Method and Description
String	getComment() Gets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
String	getDomain() Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
int	getMaxAge() Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
String	getName() Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
String	getPath() Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
boolean	isHttpOnly() Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.
boolean	isSecure() Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
void	setComment(String comment) Sets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setDomain(String domain) Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setHttpOnly(boolean httpOnly) Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.
void	setMaxAge(int maxAge) Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setName(String name) Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setPath(String path) Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
void	setSecure(boolean secure) Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.

Method Detail

setName

void setName(String name)

Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.

Parameters:

name - the cookie name to use

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

getName

String getName()

Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

By default, JSESSIONID will be used as the cookie name.

Returns:

the cookie name set via setName(java.lang.String), or null if setName(java.lang.String) was never called

See Also:

Cookie.getName()

setDomain

void setDomain(String domain)

Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Parameters:

domain - the cookie domain to use

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

See Also:

Cookie.setDomain(String)

getDomain

String getDomain()

Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Returns:

the cookie domain set via setDomain(java.lang.String), or null if setDomain(java.lang.String) was never called

See Also:

Cookie.getDomain()

setPath

void setPath(String path)

Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Parameters:

path - the cookie path to use

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

See Also:

Cookie.setPath(String)

getPath

String getPath()

Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

By default, the context path of the ServletContext from which this SessionCookieConfig was acquired will be used.

Returns:

the cookie path set via setPath(java.lang.String), or null if setPath(java.lang.String) was never called

See Also:

Cookie.getPath()

setComment

void setComment(String comment)

Sets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

As a side effect of this call, the session tracking cookies will be marked with a Version attribute equal to 1.

Parameters:

comment - the cookie comment to use

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

See Also:

Cookie.setComment(String), Cookie.getVersion()

getComment

String getComment()

Gets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Returns:

the cookie comment set via setComment(java.lang.String), or null if setComment(java.lang.String) was never called

See Also:

Cookie.getComment()

setHttpOnly

void setHttpOnly(boolean httpOnly)

Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.

A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

Parameters:

httpOnly - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as HttpOnly, false otherwise

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

See Also:

Cookie.setHttpOnly(boolean)

isHttpOnly

boolean isHttpOnly()

Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.

Returns:

true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly, false otherwise

See Also:

Cookie.isHttpOnly()

setSecure

void setSecure(boolean secure)

Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.

One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.

Parameters:

secure - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they shall be marked as secure only if the request that initiated the corresponding session was also secure

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

See Also:

Cookie.setSecure(boolean), ServletRequest.isSecure()

isSecure

boolean isSecure()

Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.

Returns:

true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they will be marked as secure only if the request that initiated the corresponding session was also secure

See Also:

Cookie.getSecure(), ServletRequest.isSecure()

setMaxAge

void setMaxAge(int maxAge)

Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Parameters:

maxAge - the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

Throws:

IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

See Also:

Cookie.setMaxAge(int)

getMaxAge

int getMaxAge()

Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

By default, -1 is returned.

Returns:

the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired, or -1 (the default)

See Also:

Cookie.getMaxAge()