1
2
3
4
5
6
7
8
9
10
11
12
13
14 package org.eclipse.jetty.server.session;
15
16 import java.security.SecureRandom;
17 import java.util.Random;
18
19 import javax.servlet.http.HttpServletRequest;
20
21 import org.eclipse.jetty.server.SessionIdManager;
22 import org.eclipse.jetty.util.component.AbstractLifeCycle;
23 import org.eclipse.jetty.util.log.Log;
24 import org.eclipse.jetty.util.log.Logger;
25
26 public abstract class AbstractSessionIdManager extends AbstractLifeCycle implements SessionIdManager
27 {
28 private static final Logger LOG = Log.getLogger(AbstractSessionIdManager.class);
29
30 private final static String __NEW_SESSION_ID="org.eclipse.jetty.server.newSessionId";
31
32 protected Random _random;
33 protected boolean _weakRandom;
34 protected String _workerName;
35
36
37 public AbstractSessionIdManager()
38 {
39 }
40
41
42 public AbstractSessionIdManager(Random random)
43 {
44 _random=random;
45 }
46
47
48
49
50
51
52
53
54
55 public String getWorkerName()
56 {
57 return _workerName;
58 }
59
60
61
62
63
64
65
66
67 public void setWorkerName(String workerName)
68 {
69 if (workerName.contains("."))
70 throw new IllegalArgumentException("Name cannot contain '.'");
71 _workerName=workerName;
72 }
73
74
75 public Random getRandom()
76 {
77 return _random;
78 }
79
80
81 public void setRandom(Random random)
82 {
83 _random=random;
84 _weakRandom=false;
85 }
86
87
88
89
90
91
92
93 public String newSessionId(HttpServletRequest request, long created)
94 {
95 synchronized (this)
96 {
97 if (request!=null)
98 {
99
100 String requested_id=request.getRequestedSessionId();
101 if (requested_id!=null)
102 {
103 String cluster_id=getClusterId(requested_id);
104 if (idInUse(cluster_id))
105 return cluster_id;
106 }
107
108
109 String new_id=(String)request.getAttribute(__NEW_SESSION_ID);
110 if (new_id!=null&&idInUse(new_id))
111 return new_id;
112 }
113
114
115 String id=null;
116 while (id==null||id.length()==0||idInUse(id))
117 {
118 long r0=_weakRandom
119 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
120 :_random.nextLong();
121 if (r0<0)
122 r0=-r0;
123 long r1=_weakRandom
124 ?(hashCode()^Runtime.getRuntime().freeMemory()^_random.nextInt()^(((long)request.hashCode())<<32))
125 :_random.nextLong();
126 if (r1<0)
127 r1=-r1;
128 id=Long.toString(r0,36)+Long.toString(r1,36);
129
130
131
132 if (_workerName!=null)
133 id=_workerName + id;
134 }
135
136 request.setAttribute(__NEW_SESSION_ID,id);
137 return id;
138 }
139 }
140
141
142 @Override
143 protected void doStart() throws Exception
144 {
145 initRandom();
146 }
147
148
149 @Override
150 protected void doStop() throws Exception
151 {
152 }
153
154
155
156
157
158
159
160 public void initRandom ()
161 {
162 if (_random==null)
163 {
164 try
165 {
166 _random=new SecureRandom();
167 }
168 catch (Exception e)
169 {
170 LOG.warn("Could not generate SecureRandom for session-id randomness",e);
171 _random=new Random();
172 _weakRandom=true;
173 }
174 }
175 else
176 _random.setSeed(_random.nextLong()^System.currentTimeMillis()^hashCode()^Runtime.getRuntime().freeMemory());
177 }
178
179
180 }