public class SessionHandler extends ScopedHandler
Modifier and Type | Class and Description |
---|---|
class | SessionHandler.CookieConfig: Implementation of the javax.servlet.SessionCookieConfig. |
class | SessionHandler.SessionAsyncListener: Used to ensure that a request for which async has been started has its session completed as the request exits the context. |
static interface | SessionHandler.SessionIf: Interface that any session wrapper should implement so that SessionManager may access the Jetty session implementation. |
AbstractHandler.ErrorDispatchHandler
AbstractLifeCycle.AbstractLifeCycleListener
LifeCycle.Listener
Container.InheritedListener, Container.Listener
_nextScope, _outerScope
_handler
FAILED, RUNNING, STARTED, STARTING, STOP_ON_FAILURE, STOPPED, STOPPING
Constructor and Description |
---|
SessionHandler(): Constructor. |
Modifier and Type | Method and Description |
---|---|
HttpCookie | access(HttpSession session, boolean secure): Called by the SessionHandler when a session is first accessed by a request. |
void | addEventListener(EventListener listener): Adds an event listener for session-related events. |
protected void | checkRequestedSessionId(Request baseRequest, HttpServletRequest request): Look for a requested session ID in cookies and URI parameters |
void | clearEventListeners(): Removes all event listeners for session-related events. |
void | complete(HttpSession session): Called by the SessionHandler when a session is last accessed by a request. |
void | complete(Session session, Request request) |
void | doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response): Do the handler work within the scope. |
void | doScope(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response): Scope the handler |
void | doSessionAttributeListeners(Session session, String name, Object old, Object value) |
protected void | doStart(): Starts the managed lifecycle beans in the order they were added. |
protected void | doStop(): Stops the managed lifecycle beans in the reverse order they were added. |
Set<SessionTrackingMode> | getDefaultSessionTrackingModes() |
Set<SessionTrackingMode> | getEffectiveSessionTrackingModes() |
String | getExtendedId(HttpSession session) |
boolean | getHttpOnly() |
HttpSession | getHttpSession(String extendedId): Returns the HttpSession with the given session id |
String | getId(HttpSession session) |
int | getMaxCookieAge() |
int | getMaxInactiveInterval() |
int | getRefreshCookieAge() |
Scheduler | getScheduler() |
boolean | getSecureCookies() |
Session | getSession(String id): Get a known existing session |
SessionCache | getSessionCache() |
String | getSessionCookie() |
HttpCookie | getSessionCookie(HttpSession session, String contextPath, boolean requestIsSecure): A session cookie is marked as secure IFF any of the following conditions are true: (1) SessionCookieConfig.setSecure == true; (2) SessionCookieConfig.setSecure == false && _secureRequestOnly==true && request is HTTPS. According to SessionCookieConfig javadoc, case 1 can be used when: "... |
SessionCookieConfig | getSessionCookieConfig() |
String | getSessionDomain() |
SessionIdManager | getSessionIdManager(): Gets the cross context session id manager |
String | getSessionIdPathParameterName() |
String | getSessionIdPathParameterNamePrefix() |
String | getSessionPath() |
int | getSessionsCreated() |
long | getSessionTimeMax() |
double | getSessionTimeMean() |
double | getSessionTimeStdDev() |
long | getSessionTimeTotal() |
void | invalidate(String id): Called when a session has expired. |
boolean | isCheckingRemoteSessionIdEncoding() |
boolean | isIdInUse(String id): Check if id is in use by this context |
boolean | isNodeIdInSessionId() |
boolean | isSecureRequestOnly() |
boolean | isUsingCookies() |
boolean | isUsingURLs() |
boolean | isValid(HttpSession session) |
HttpSession | newHttpSession(HttpServletRequest request): Creates a new HttpSession. |
void | removeEventListener(EventListener listener): Removes an event listener for session-related events. |
Session | removeSession(String id, boolean invalidate): Remove session from manager |
void | renewSessionId(String oldId, String oldExtendedId, String newId, String newExtendedId): Change the existing session id. |
void | scavenge(): Called periodically by the HouseKeeper to handle the list of sessions that have expired since the last call to scavenge. |
void | sessionInactivityTimerExpired(Session session): Each session has a timer that is configured to go off when either the session has not been accessed for a configurable amount of time, or the session itself has passed its expiry. |
void | setCheckingRemoteSessionIdEncoding(boolean remote) |
void | setHttpOnly(boolean httpOnly) |
void | setMaxInactiveInterval(int seconds): Sets the max period of inactivity, after which the session is invalidated, in seconds. |
void | setNodeIdInSessionId(boolean nodeIdInSessionId) |
void | setRefreshCookieAge(int ageInSeconds) |
void | setSecureRequestOnly(boolean secureRequestOnly): HTTPS request. |
void | setSessionCache(SessionCache cache) |
void | setSessionCookie(String cookieName) |
void | setSessionIdManager(SessionIdManager metaManager) |
void | setSessionIdPathParameterName(String param): Sets the session id URL path parameter name. |
void | setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes) |
void | setUsingCookies(boolean usingCookies) |
protected void | shutdownSessions(): Prepare sessions for session manager shutdown |
void | statsReset(): Reset statistics values |
String | toString() |
handle, nextHandle, nextScope
destroy, expandChildren, getHandler, getHandlers, insertHandler, setHandler
expandHandler, findContainerOf, getChildHandlerByClass, getChildHandlers, getChildHandlersByClass, setServer
doError, dumpThis, getServer
addBean, addBean, addBean, addEventListener, addManaged, contains, dump, dump, dump, dump, dump, dumpBeans, dumpObject, dumpStdErr, getBean, getBeans, getBeans, isManaged, manage, removeBean, removeBeans, removeEventListener, setBeans, setStopTimeout, start, stop, unmanage, updateBean, updateBean, updateBeans
addLifeCycleListener, getState, getState, getStopTimeout, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop
public static final EnumSet<SessionTrackingMode> DEFAULT_TRACKING
public static final String __SessionCookieProperty
JSESSIONID, but can be set with the org.eclipse.jetty.servlet.SessionCookie context init parameter.
public static final String __DefaultSessionCookie
public static final String __SessionIdPathParameterNameProperty
jsessionid, but can be set with the org.eclipse.jetty.servlet.SessionIdPathParameterName context init parameter. If context init param is "none", or setSessionIdPathParameterName is called with null or "none", no URL rewriting will be done.
public static final String __DefaultSessionIdPathParameterName
public static final String __CheckRemoteSessionEncoding
public static final String __SessionDomainProperty
public static final String __DefaultSessionDomain
public static final String __SessionPathProperty
public static final String __MaxAgeProperty
public Set<SessionTrackingMode> __defaultSessionTrackingModes
public static final Class<? extends EventListener>[] SESSION_LISTENER_TYPES
public static final BigDecimal MAX_INACTIVE_MINUTES
protected int _dftMaxIdleSecs
protected boolean _httpOnly
protected SessionIdManager _sessionIdManager
protected boolean _secureCookies
protected boolean _secureRequestOnly
protected final List<HttpSessionAttributeListener> _sessionAttributeListeners
protected final List<HttpSessionListener> _sessionListeners
protected final List<HttpSessionIdListener> _sessionIdListeners
protected ClassLoader _loader
protected ContextHandler.Context _context
protected SessionContext _sessionContext
protected String _sessionCookie
protected String _sessionIdPathParameterName
protected String _sessionIdPathParameterNamePrefix
protected String _sessionDomain
protected String _sessionPath
protected int _maxCookieAge
protected int _refreshCookieAge
protected boolean _nodeIdInSessionId
protected boolean _checkingRemoteSessionIdEncoding
protected String _sessionComment
protected SessionCache _sessionCache
protected final SampleStatistic _sessionTimeStats
protected final CounterStatistic _sessionsCreatedStats
public Set<SessionTrackingMode> _sessionTrackingModes
protected boolean _usingURLs
protected boolean _usingCookies
protected ConcurrentHashSet<String> _candidateSessionIdsForExpiry
protected Scheduler _scheduler
protected boolean _ownScheduler
@ManagedAttribute(value="path of the session cookie, or null for default") public String getSessionPath()
@ManagedAttribute(value="if greater the zero, the time in seconds a session cookie will last for") public int getMaxCookieAge()
public HttpCookie access(HttpSession session, boolean secure)
Called by the SessionHandler when a session is first accessed by a request.
session - the session object
secure - whether the request is secure or not
See also: complete(HttpSession)
public void addEventListener(EventListener listener)
listener - the session event listener to add. Individual SessionManager implementations may accept arbitrary listener types, but they are expected to at least handle HttpSessionActivationListener, HttpSessionAttributeListener, HttpSessionBindingListener and HttpSessionListener.
See also: removeEventListener(EventListener)
public void clearEventListeners()
See also: removeEventListener(EventListener)
public void complete(HttpSession session)
Called by the SessionHandler when a session is last accessed by a request.
session - the session object
See also: access(HttpSession, boolean)
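protected void doStart() throws Exception
Description copied from class: ContainerLifeCycle
Starts the managed lifecycle beans in the order they were added.
Overrides: doStart in class ScopedHandler
Throws: Exception
See also: AbstractHandler.doStart()
protected void doStop() throws Exception
Description copied from class: ContainerLifeCycle
Stops the managed lifecycle beans in the reverse order they were added.
Overrides: doStop in class AbstractHandler
Throws: Exception
@ManagedAttribute(value="true if cookies use the http only flag") public boolean getHttpOnly()
See also: HttpCookie.isHttpOnly()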
public HttpSession getHttpSession(String extendedId)
Returns the HttpSession with the given session id
extendedId - the session id
Returns: HttpSession with the corresponding id or null if no session with the given id exists
@ManagedAttribute(value="Session ID Manager") public SessionIdManager getSessionIdManager()
@ManagedAttribute(value="default maximum time a session may be idle for (in s)") public int getMaxInactiveInterval()
See also: setMaxInactiveInterval(int)
@ManagedAttribute(value="time before a session cookie is re-set (in s)") public int getRefreshCookieAge()
@ManagedAttribute(value="if true, secure cookie flag is set on session cookies") public boolean getSecureCookies()
public boolean isSecureRequestOnly()
public void setSecureRequestOnly(boolean secureRequestOnly)
secureRequestOnly - true to set Session Cookie Config as secure
@ManagedAttribute(value="the set session cookie") public String getSessionCookie()
public HttpCookie getSessionCookie(HttpSession session, String contextPath, boolean requestIsSecure)
For case 2, you can use _secureRequestOnly to determine if you want the Servlet Spec 3.0 default behavior when SessionCookieConfig.setSecure==false, which is: "they shall be marked as secure only if the request that initiated the corresponding session was also secure"
The default for _secureRequestOnly is true, which gives the above behavior. If you set it to false, then a session cookie is NEVER marked as secure, even if the initiating request was secure.
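The Secure-flag rule described above, written out as a small audit over a SessionHandler's settings. This is an added example, not Jetty's own code: the class SessionCookieAudit and its methods are hypothetical, and it assumes Jetty 9.4 (package org.eclipse.jetty.server.session) and the Servlet API on the classpath.

```java
import java.util.ArrayList;
import java.util.EnumSet;
import java.util.List;
import javax.servlet.SessionTrackingMode;
import org.eclipse.jetty.server.session.SessionHandler; // assumed package (Jetty 9.4)

// Added example; SessionCookieAudit is a hypothetical name, not part of Jetty.
public class SessionCookieAudit {

    // The rule documented for getSessionCookie(): the cookie is Secure if
    // SessionCookieConfig.setSecure(true) was called (case 1), or if
    // _secureRequestOnly is true and the initiating request was HTTPS (case 2).
    static boolean markedSecure(boolean configSecure, boolean secureRequestOnly,
                                boolean requestIsSecure) {
        return configSecure || (secureRequestOnly && requestIsSecure);
    }

    // Report settings that weaken session cookie handling on this handler.
    static List<String> audit(SessionHandler h) {
        List<String> findings = new ArrayList<>();
        boolean configSecure = h.getSessionCookieConfig().isSecure();
        boolean secureRequestOnly = h.isSecureRequestOnly();
        if (!markedSecure(configSecure, secureRequestOnly, true))
            findings.add("session cookie is never marked Secure, even for HTTPS requests");
        else if (!markedSecure(configSecure, secureRequestOnly, false))
            findings.add("Secure flag depends on the request scheme: "
                    + "a session started over plain HTTP gets a non-Secure cookie");
        if (!h.getHttpOnly())
            findings.add("HttpOnly flag is not set on the session cookie");
        if (h.isUsingURLs())
            findings.add("URL session tracking is enabled ("
                    + h.getSessionIdPathParameterNamePrefix() + "<id> can appear in URLs)");
        return findings;
    }

    public static void main(String[] args) {
        SessionHandler unchanged = new SessionHandler(); // no settings changed

        SessionHandler hardened = new SessionHandler();
        hardened.getSessionCookieConfig().setSecure(true); // case 1: always Secure
        hardened.setHttpOnly(true);
        // Cookie tracking only, and no URL path parameter (null or "none" disables rewriting).
        hardened.setSessionTrackingModes(EnumSet.of(SessionTrackingMode.COOKIE));
        hardened.setSessionIdPathParameterName("none");

        System.out.println("unchanged: " + audit(unchanged));
        System.out.println("hardened:  " + audit(hardened));
    }
}
```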
session - the session to which the cookie should refer.
contextPath - the context to which the cookie should be linked. The client will only send the cookie value when requesting resources under this path.
requestIsSecure - whether the client is accessing the server over a secure protocol (i.e. HTTPS).
SessionManager uses cookies, then this method will return a new cookie object that should be set on the client in order to link future HTTP requests with the session. If cookies are not in use, this method returns null.
@ManagedAttribute(value="domain of the session cookie, or null for the default") public String getSessionDomain()
@ManagedAttribute(value="number of sessions created by this node") public int getSessionsCreated()
@ManagedAttribute(value="name of use for URL session tracking") public String getSessionIdPathParameterName()
See also: setSessionIdPathParameterName(String)
public String getSessionIdPathParameterNamePrefix()
getSessionIdPathParameterName(), by default ";" + sessionIdParameterName + "=", for easier lookup in URL strings.
See also: getSessionIdPathParameterName()
public boolean isUsingCookies()
public boolean isValid(HttpSession session)
session - the session to test for validity
public String getId(HttpSession session)
session - the session object
See also: getExtendedId(HttpSession)
public String getExtendedId(HttpSession session)
session - the session object
See also: getId(HttpSession)
public HttpSession newHttpSession(HttpServletRequest request)
Creates a new HttpSession.
request - the HttpServletRequest containing the requested session id
Returns: HttpSession
public void removeEventListener(EventListener listener)
listener - the session event listener to remove
See also: addEventListener(EventListener)
@ManagedOperation(value="reset statistics", impact="ACTION") public void statsReset()
public void setHttpOnly(boolean httpOnly)
httpOnly - The httpOnly to set.
public void setSessionIdManager(SessionIdManager metaManager)
metaManager - The metaManager used for cross context session management.
public void setMaxInactiveInterval(int seconds)
seconds - the max inactivity period, in seconds.
See also: getMaxInactiveInterval()
public void setRefreshCookieAge(int ageInSeconds)
public void setSessionCookie(String cookieName)
public void setSessionIdPathParameterName(String param)
param - the URL path parameter name for session id URL rewriting (null or "none" for no rewriting).
See also: getSessionIdPathParameterName(), getSessionIdPathParameterNamePrefix()
public void setUsingCookies(boolean usingCookies)
usingCookies - The usingCookies to set.
public Session getSession(String id)
id - The session ID stripped of any worker name.
protected void shutdownSessions() throws Exception
Throws: Exception - if unable to shutdown sessions
public SessionCache getSessionCache()
public void setSessionCache(SessionCache cache)
cache -
public boolean isNodeIdInSessionId()
HttpSession.getId(). Default is false.
public void setNodeIdInSessionId(boolean nodeIdInSessionId)
nodeIdInSessionId - true if the cluster node id (worker id) will be returned as part of the session id by HttpSession.getId(). Default is false.
public Session removeSession(String id, boolean invalidate)
id - The session to remove
invalidate - True if HttpSessionListener.sessionDestroyed(HttpSessionEvent) and SessionIdManager.expireAll(String) should be called.
@ManagedAttribute(value="maximum amount of time sessions have remained active (in s)") public long getSessionTimeMax()
public Set<SessionTrackingMode> getDefaultSessionTrackingModes()
public Set<SessionTrackingMode> getEffectiveSessionTrackingModes()
public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes)
public boolean isUsingURLs()
public SessionCookieConfig getSessionCookieConfig()
@ManagedAttribute(value="total time sessions have remained valid") public long getSessionTimeTotal()
@ManagedAttribute(value="mean time sessions remain valid (in s)") public double getSessionTimeMean()
@ManagedAttribute(value="standard deviation a session remained valid (in s)") public double getSessionTimeStdDev()
@ManagedAttribute(value="check remote session id encoding") public boolean isCheckingRemoteSessionIdEncoding()
public void setCheckingRemoteSessionIdEncoding(boolean remote)
remote - True if absolute URLs are checked for remoteness before being session encoded.
public void renewSessionId(String oldId, String oldExtendedId, String newId, String newExtendedId)
oldId - the old session id
oldExtendedId - the session id including worker suffix
newId - the new session id
newExtendedId - the new session id including worker suffix
public void invalidate(String id)
id - the id to invalidate
public void scavenge()
public void sessionInactivityTimerExpired(Session session)
session -
public boolean isIdInUse(String id) throws Exception
id - identity of session to check
Throws: Exception
public Scheduler getScheduler()
public void doSessionAttributeListeners(Session session, String name, Object old, Object value)
public void doScope(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
Description copied from class: ScopedHandler
Scope the handler. Derived implementations should call ScopedHandler.nextScope(String, Request, HttpServletRequest, HttpServletResponse)
Overrides: doScope in class ScopedHandler
Throws: IOException, ServletException
public void doHandle(String target, Request baseRequest, HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException
Description copied from class: ScopedHandler
Do the handler work within the scope. Derived implementations should call ScopedHandler.nextHandle(String, Request, HttpServletRequest, HttpServletResponse)
Overrides: doHandle in class ScopedHandler
Throws: IOException, ServletException
protected void checkRequestedSessionId(Request baseRequest, HttpServletRequest request)
baseRequest - the request to check
request - the request to check
public String toString()
Overrides: toString in class Object
See also: Object.toString()
Copyright © 1995–2017 Webtide. All rights reserved.