Package io.undertow.servlet.spec

Class SessionCookieConfigImpl

    • Method Summary

      All Methods Instance Methods Concrete Methods Deprecated Methods 
      Modifier and Type Method Description
      void clearSession​(HttpServerExchange exchange, String sessionId)
      Clears this session from the exchange, removing the attachment and making any changes to the response necessary, such as clearing cookies.
      String findSessionId​(HttpServerExchange exchange)
      Retrieves a session id of an existing session from an exchange.
      String getAttribute​(String name)
      Obtain the value for a given session cookie attribute.
      Map<String,​String> getAttributes()
      Obtain the Map (keys are case insensitive) of all attributes and values, including those set via the attribute specific setters, (excluding version) for this SessionCookieConfig.
      String getComment()
      Deprecated.
      String getDomain()
      Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      SessionConfig getFallback()  
      int getMaxAge()
      Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      String getName()
      Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      String getPath()
      Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      boolean isHttpOnly()
      Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.
      boolean isSecure()
      Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
      String rewriteUrl​(String originalUrl, String sessionid)  
      SessionConfig.SessionCookieSource sessionCookieSource​(HttpServerExchange exchange)  
      void setAttribute​(String name, String value)
      Sets the value for the given session cookie attribute.
      void setComment​(String comment)
      Deprecated.
      void setDomain​(String domain)
      Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      void setFallback​(SessionConfig fallback)  
      void setHttpOnly​(boolean httpOnly)
      Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.
      void setMaxAge​(int maxAge)
      Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      void setName​(String name)
      Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      void setPath​(String path)
      Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
      void setSecure​(boolean secure)
      Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.
      void setSessionId​(HttpServerExchange exchange, String sessionId)
      Attaches the session to the exchange.

    • Constructor Detail

      • SessionCookieConfigImpl

        public SessionCookieConfigImpl​(ServletContextImpl servletContext)

    • Method Detail

      • setSessionId

        public void setSessionId​(HttpServerExchange exchange,
                         String sessionId)
        Description copied from interface: SessionConfig
        Attaches the session to the exchange. The method should attach the exchange under an attachment key, and should also modify the exchange to allow the session to be re-attached on the next request.

        Generally this will involve setting a cookie

        Once a session has been attached it must be possible to retrieve it via SessionConfig.findSessionId(io.undertow.server.HttpServerExchange)

        Specified by:
        setSessionId in interface SessionConfig
        Parameters:
        exchange - The exchange
        sessionId - The session

      • clearSession

        public void clearSession​(HttpServerExchange exchange,
                         String sessionId)
        Description copied from interface: SessionConfig
        Clears this session from the exchange, removing the attachment and making any changes to the response necessary, such as clearing cookies.
        Specified by:
        clearSession in interface SessionConfig
        Parameters:
        exchange - The exchange
        sessionId - The session id

      • findSessionId

        public String findSessionId​(HttpServerExchange exchange)
        Description copied from interface: SessionConfig
        Retrieves a session id of an existing session from an exchange.
        Specified by:
        findSessionId in interface SessionConfig
        Parameters:
        exchange - The exchange
        Returns:
        The session id, or null

      • setName

        public void setName​(String name)
        Description copied from interface: SessionCookieConfig
        Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

        NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.

        Specified by:
        setName in interface SessionCookieConfig
        Parameters:
        name - the cookie name to use

      • setDomain

        public void setDomain​(String domain)
        Description copied from interface: SessionCookieConfig
        Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
        Specified by:
        setDomain in interface SessionCookieConfig
        Parameters:
        domain - the cookie domain to use
        See Also:
        Cookie.setDomain(String)

      • setPath

        public void setPath​(String path)
        Description copied from interface: SessionCookieConfig
        Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
        Specified by:
        setPath in interface SessionCookieConfig
        Parameters:
        path - the cookie path to use
        See Also:
        Cookie.setPath(String)

      • isHttpOnly

        public boolean isHttpOnly()
        Description copied from interface: SessionCookieConfig
        Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.
        Specified by:
        isHttpOnly in interface SessionCookieConfig
        Returns:
        true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly, false otherwise
        See Also:
        Cookie.isHttpOnly()

      • setHttpOnly

        public void setHttpOnly​(boolean httpOnly)
        Description copied from interface: SessionCookieConfig
        Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.

        A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

        Specified by:
        setHttpOnly in interface SessionCookieConfig
        Parameters:
        httpOnly - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as HttpOnly, false otherwise
        See Also:
        Cookie.setHttpOnly(boolean)

      • isSecure

        public boolean isSecure()
        Description copied from interface: SessionCookieConfig
        Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.
        Specified by:
        isSecure in interface SessionCookieConfig
        Returns:
        true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they will be marked as secure only if the request that initiated the corresponding session was also secure
        See Also:
        Cookie.getSecure(), ServletRequest.isSecure()

      • setSecure

        public void setSecure​(boolean secure)
        Description copied from interface: SessionCookieConfig
        Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.

        One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.

        Specified by:
        setSecure in interface SessionCookieConfig
        Parameters:
        secure - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they shall be marked as secure only if the request that initiated the corresponding session was also secure
        See Also:
        Cookie.setSecure(boolean), ServletRequest.isSecure()

      • getMaxAge

        public int getMaxAge()
        Description copied from interface: SessionCookieConfig
        Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

        By default, -1 is returned.

        Specified by:
        getMaxAge in interface SessionCookieConfig
        Returns:
        the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired, or -1 (the default)
        See Also:
        Cookie.getMaxAge()

      • setMaxAge

        public void setMaxAge​(int maxAge)
        Description copied from interface: SessionCookieConfig
        Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
        Specified by:
        setMaxAge in interface SessionCookieConfig
        Parameters:
        maxAge - the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.
        See Also:
        Cookie.setMaxAge(int)

      • setFallback

        public void setFallback​(SessionConfig fallback)

      • setAttribute

        public void setAttribute​(String name,
                         String value)
        Description copied from interface: SessionCookieConfig
        Sets the value for the given session cookie attribute. When a value is set via this method, the value returned by the attribute specific getter (if any) must be consistent with the value set via this method.
        Specified by:
        setAttribute in interface SessionCookieConfig
        Parameters:
        name - Name of attribute to set, case insensitive
        value - Value of attribute

      • getAttribute

        public String getAttribute​(String name)
        Description copied from interface: SessionCookieConfig
        Obtain the value for a given session cookie attribute. Values returned from this method must be consistent with the values set and returned by the attribute specific getters and setters in this class.
        Specified by:
        getAttribute in interface SessionCookieConfig
        Parameters:
        name - Name of attribute to return, case insensitive
        Returns:
        Value of specified attribute

      • getAttributes

        public Map<String,​String> getAttributes()
        Description copied from interface: SessionCookieConfig
        Obtain the Map (keys are case insensitive) of all attributes and values, including those set via the attribute specific setters, (excluding version) for this SessionCookieConfig.
        Specified by:
        getAttributes in interface SessionCookieConfig
        Returns:
        A read-only Map of attributes to values, excluding version.