2 // ========================================================================
3 // Copyright (c) 1995-2014 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.server.session;
21 import static java.lang.Math.round;
23 import java.util.Arrays;
24 import java.util.Collections;
25 import java.util.Enumeration;
26 import java.util.EventListener;
27 import java.util.HashSet;
28 import java.util.List;
30 import java.util.concurrent.CopyOnWriteArrayList;
32 import javax.servlet.SessionCookieConfig;
33 import javax.servlet.SessionTrackingMode;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpSession;
36 import javax.servlet.http.HttpSessionAttributeListener;
37 import javax.servlet.http.HttpSessionBindingEvent;
38 import javax.servlet.http.HttpSessionContext;
39 import javax.servlet.http.HttpSessionEvent;
40 import javax.servlet.http.HttpSessionIdListener;
41 import javax.servlet.http.HttpSessionListener;
43 import org.eclipse.jetty.http.HttpCookie;
44 import org.eclipse.jetty.server.Server;
45 import org.eclipse.jetty.server.SessionIdManager;
46 import org.eclipse.jetty.server.SessionManager;
47 import org.eclipse.jetty.server.handler.ContextHandler;
48 import org.eclipse.jetty.util.annotation.ManagedAttribute;
49 import org.eclipse.jetty.util.annotation.ManagedObject;
50 import org.eclipse.jetty.util.annotation.ManagedOperation;
51 import org.eclipse.jetty.util.component.ContainerLifeCycle;
52 import org.eclipse.jetty.util.log.Logger;
53 import org.eclipse.jetty.util.statistic.CounterStatistic;
54 import org.eclipse.jetty.util.statistic.SampleStatistic;
56 /* ------------------------------------------------------------ */
58 * An Abstract implementation of SessionManager. The partial implementation of
59 * SessionManager interface provides the majority of the handling required to
60 * implement a SessionManager. Concrete implementations of SessionManager based
61 * on AbstractSessionManager need only implement the newSession method to return
62 * a specialised version of the Session inner class that provides an attribute
66 @SuppressWarnings("deprecation")
67 @ManagedObject("Abstract Session Manager")
68 public abstract class AbstractSessionManager extends ContainerLifeCycle implements SessionManager
70 final static Logger __log = SessionHandler.LOG;
72 public Set<SessionTrackingMode> __defaultSessionTrackingModes =
73 Collections.unmodifiableSet(
74 new HashSet<SessionTrackingMode>(
75 Arrays.asList(new SessionTrackingMode[]{SessionTrackingMode.COOKIE,SessionTrackingMode.URL})));
79 /* ------------------------------------------------------------ */
80 public final static int __distantFuture=60*60*24*7*52*20;
82 static final HttpSessionContext __nullSessionContext=new HttpSessionContext()
85 public HttpSession getSession(String sessionId)
91 @SuppressWarnings({ "rawtypes", "unchecked" })
92 public Enumeration getIds()
94 return Collections.enumeration(Collections.EMPTY_LIST);
98 private boolean _usingCookies=true;
100 /* ------------------------------------------------------------ */
101 // Setting of max inactive interval for new sessions
102 // -1 means no timeout
103 protected int _dftMaxIdleSecs=-1;
104 protected SessionHandler _sessionHandler;
105 protected boolean _httpOnly=false;
106 protected SessionIdManager _sessionIdManager;
107 protected boolean _secureCookies=false;
108 protected boolean _secureRequestOnly=true;
110 protected final List<HttpSessionAttributeListener> _sessionAttributeListeners = new CopyOnWriteArrayList<HttpSessionAttributeListener>();
111 protected final List<HttpSessionListener> _sessionListeners= new CopyOnWriteArrayList<HttpSessionListener>();
112 protected final List<HttpSessionIdListener> _sessionIdListeners = new CopyOnWriteArrayList<HttpSessionIdListener>();
114 protected ClassLoader _loader;
115 protected ContextHandler.Context _context;
116 protected String _sessionCookie=__DefaultSessionCookie;
117 protected String _sessionIdPathParameterName = __DefaultSessionIdPathParameterName;
118 protected String _sessionIdPathParameterNamePrefix =";"+ _sessionIdPathParameterName +"=";
119 protected String _sessionDomain;
120 protected String _sessionPath;
121 protected int _maxCookieAge=-1;
122 protected int _refreshCookieAge;
123 protected boolean _nodeIdInSessionId;
124 protected boolean _checkingRemoteSessionIdEncoding;
125 protected String _sessionComment;
127 public Set<SessionTrackingMode> _sessionTrackingModes;
129 private boolean _usingURLs;
131 protected final CounterStatistic _sessionsStats = new CounterStatistic();
132 protected final SampleStatistic _sessionTimeStats = new SampleStatistic();
135 /* ------------------------------------------------------------ */
136 public AbstractSessionManager()
138 setSessionTrackingModes(__defaultSessionTrackingModes);
141 /* ------------------------------------------------------------ */
142 public ContextHandler.Context getContext()
147 /* ------------------------------------------------------------ */
148 public ContextHandler getContextHandler()
150 return _context.getContextHandler();
153 @ManagedAttribute("path of the session cookie, or null for default")
154 public String getSessionPath()
159 @ManagedAttribute("if greater the zero, the time in seconds a session cookie will last for")
160 public int getMaxCookieAge()
162 return _maxCookieAge;
165 /* ------------------------------------------------------------ */
167 public HttpCookie access(HttpSession session,boolean secure)
169 long now=System.currentTimeMillis();
171 AbstractSession s = ((SessionIf)session).getSession();
175 // Do we need to refresh the cookie?
176 if (isUsingCookies() &&
178 (getSessionCookieConfig().getMaxAge()>0 && getRefreshCookieAge()>0 && ((now-s.getCookieSetTime())/1000>getRefreshCookieAge()))
182 HttpCookie cookie=getSessionCookie(session,_context==null?"/":(_context.getContextPath()),secure);
184 s.setIdChanged(false);
191 /* ------------------------------------------------------------ */
193 public void addEventListener(EventListener listener)
195 if (listener instanceof HttpSessionAttributeListener)
196 _sessionAttributeListeners.add((HttpSessionAttributeListener)listener);
197 if (listener instanceof HttpSessionListener)
198 _sessionListeners.add((HttpSessionListener)listener);
199 if (listener instanceof HttpSessionIdListener)
200 _sessionIdListeners.add((HttpSessionIdListener)listener);
201 addBean(listener,false);
204 /* ------------------------------------------------------------ */
206 public void clearEventListeners()
208 for (EventListener e :getBeans(EventListener.class))
210 _sessionAttributeListeners.clear();
211 _sessionListeners.clear();
212 _sessionIdListeners.clear();
215 /* ------------------------------------------------------------ */
217 public void complete(HttpSession session)
219 AbstractSession s = ((SessionIf)session).getSession();
223 /* ------------------------------------------------------------ */
225 public void doStart() throws Exception
227 _context=ContextHandler.getCurrentContext();
228 _loader=Thread.currentThread().getContextClassLoader();
230 if (_sessionIdManager==null)
232 final Server server=getSessionHandler().getServer();
233 synchronized (server)
235 _sessionIdManager=server.getSessionIdManager();
236 if (_sessionIdManager==null)
238 //create a default SessionIdManager and set it as the shared
239 //SessionIdManager for the Server, being careful NOT to use
240 //the webapp context's classloader, otherwise if the context
241 //is stopped, the classloader is leaked.
242 ClassLoader serverLoader = server.getClass().getClassLoader();
245 Thread.currentThread().setContextClassLoader(serverLoader);
246 _sessionIdManager=new HashSessionIdManager();
247 server.setSessionIdManager(_sessionIdManager);
248 server.manage(_sessionIdManager);
249 _sessionIdManager.start();
253 Thread.currentThread().setContextClassLoader(_loader);
257 // server session id is never managed by this manager
258 addBean(_sessionIdManager,false);
263 // Look for a session cookie name
266 String tmp=_context.getInitParameter(SessionManager.__SessionCookieProperty);
270 tmp=_context.getInitParameter(SessionManager.__SessionIdPathParameterNameProperty);
272 setSessionIdPathParameterName(tmp);
274 // set up the max session cookie age if it isn't already
275 if (_maxCookieAge==-1)
277 tmp=_context.getInitParameter(SessionManager.__MaxAgeProperty);
279 _maxCookieAge=Integer.parseInt(tmp.trim());
282 // set up the session domain if it isn't already
283 if (_sessionDomain==null)
284 _sessionDomain=_context.getInitParameter(SessionManager.__SessionDomainProperty);
286 // set up the sessionPath if it isn't already
287 if (_sessionPath==null)
288 _sessionPath=_context.getInitParameter(SessionManager.__SessionPathProperty);
290 tmp=_context.getInitParameter(SessionManager.__CheckRemoteSessionEncoding);
292 _checkingRemoteSessionIdEncoding=Boolean.parseBoolean(tmp);
298 /* ------------------------------------------------------------ */
300 public void doStop() throws Exception
309 /* ------------------------------------------------------------ */
311 * @return Returns the httpOnly.
314 @ManagedAttribute("true if cookies use the http only flag")
315 public boolean getHttpOnly()
320 /* ------------------------------------------------------------ */
322 public HttpSession getHttpSession(String nodeId)
324 String cluster_id = getSessionIdManager().getClusterId(nodeId);
326 AbstractSession session = getSession(cluster_id);
327 if (session!=null && !session.getNodeId().equals(nodeId))
328 session.setIdChanged(true);
332 /* ------------------------------------------------------------ */
334 * @return Returns the SessionIdManager used for cross context session management
337 @ManagedAttribute("Session ID Manager")
338 public SessionIdManager getSessionIdManager()
340 return _sessionIdManager;
344 /* ------------------------------------------------------------ */
349 @ManagedAttribute("defailt maximum time a session may be idle for (in s)")
350 public int getMaxInactiveInterval()
352 return _dftMaxIdleSecs;
355 /* ------------------------------------------------------------ */
357 * @return maximum number of sessions
359 @ManagedAttribute("maximum number of simultaneous sessions")
360 public int getSessionsMax()
362 return (int)_sessionsStats.getMax();
365 /* ------------------------------------------------------------ */
367 * @return total number of sessions
369 @ManagedAttribute("total number of sessions")
370 public int getSessionsTotal()
372 return (int)_sessionsStats.getTotal();
375 /* ------------------------------------------------------------ */
376 @ManagedAttribute("time before a session cookie is re-set (in s)")
377 public int getRefreshCookieAge()
379 return _refreshCookieAge;
382 /* ------------------------------------------------------------ */
384 * @return same as SessionCookieConfig.getSecure(). If true, session
385 * cookies are ALWAYS marked as secure. If false, a session cookie is
386 * ONLY marked as secure if _secureRequestOnly == true and it is a HTTPS request.
388 @ManagedAttribute("if true, secure cookie flag is set on session cookies")
389 public boolean getSecureCookies()
391 return _secureCookies;
394 /* ------------------------------------------------------------ */
396 * @return true if session cookie is to be marked as secure only on HTTPS requests
398 public boolean isSecureRequestOnly()
400 return _secureRequestOnly;
404 /* ------------------------------------------------------------ */
406 * HTTPS request. Can be overridden by setting SessionCookieConfig.setSecure(true),
407 * in which case the session cookie will be marked as secure on both HTTPS and HTTP.
409 public void setSecureRequestOnly(boolean secureRequestOnly)
411 _secureRequestOnly = secureRequestOnly;
414 /* ------------------------------------------------------------ */
415 @ManagedAttribute("the set session cookie")
416 public String getSessionCookie()
418 return _sessionCookie;
421 /* ------------------------------------------------------------ */
423 * A sessioncookie is marked as secure IFF any of the following conditions are true:
425 * <li>SessionCookieConfig.setSecure == true</li>
426 * <li>SessionCookieConfig.setSecure == false && _secureRequestOnly==true && request is HTTPS</li>
428 * According to SessionCookieConfig javadoc, case 1 can be used when:
429 * "... even though the request that initiated the session came over HTTP,
430 * is to support a topology where the web container is front-ended by an
431 * SSL offloading load balancer. In this case, the traffic between the client
432 * and the load balancer will be over HTTPS, whereas the traffic between the
433 * load balancer and the web container will be over HTTP."
435 * For case 2, you can use _secureRequestOnly to determine if you want the
436 * Servlet Spec 3.0 default behaviour when SessionCookieConfig.setSecure==false,
438 * "they shall be marked as secure only if the request that initiated the
439 * corresponding session was also secure"
441 * The default for _secureRequestOnly is true, which gives the above behaviour. If
442 * you set it to false, then a session cookie is NEVER marked as secure, even if
443 * the initiating request was secure.
445 * @see org.eclipse.jetty.server.SessionManager#getSessionCookie(javax.servlet.http.HttpSession, java.lang.String, boolean)
448 public HttpCookie getSessionCookie(HttpSession session, String contextPath, boolean requestIsSecure)
450 if (isUsingCookies())
452 String sessionPath = (_cookieConfig.getPath()==null) ? contextPath : _cookieConfig.getPath();
453 sessionPath = (sessionPath==null||sessionPath.length()==0) ? "/" : sessionPath;
454 String id = getNodeId(session);
455 HttpCookie cookie = null;
456 if (_sessionComment == null)
458 cookie = new HttpCookie(
459 _cookieConfig.getName(),
461 _cookieConfig.getDomain(),
463 _cookieConfig.getMaxAge(),
464 _cookieConfig.isHttpOnly(),
465 _cookieConfig.isSecure() || (isSecureRequestOnly() && requestIsSecure));
469 cookie = new HttpCookie(
470 _cookieConfig.getName(),
472 _cookieConfig.getDomain(),
474 _cookieConfig.getMaxAge(),
475 _cookieConfig.isHttpOnly(),
476 _cookieConfig.isSecure() || (isSecureRequestOnly() && requestIsSecure),
486 @ManagedAttribute("domain of the session cookie, or null for the default")
487 public String getSessionDomain()
489 return _sessionDomain;
492 /* ------------------------------------------------------------ */
494 * @return Returns the sessionHandler.
496 public SessionHandler getSessionHandler()
498 return _sessionHandler;
501 /* ------------------------------------------------------------ */
502 @ManagedAttribute("number of currently active sessions")
503 public int getSessions()
505 return (int)_sessionsStats.getCurrent();
508 /* ------------------------------------------------------------ */
510 @ManagedAttribute("name of use for URL session tracking")
511 public String getSessionIdPathParameterName()
513 return _sessionIdPathParameterName;
516 /* ------------------------------------------------------------ */
518 public String getSessionIdPathParameterNamePrefix()
520 return _sessionIdPathParameterNamePrefix;
523 /* ------------------------------------------------------------ */
525 * @return Returns the usingCookies.
528 public boolean isUsingCookies()
530 return _usingCookies;
533 /* ------------------------------------------------------------ */
535 public boolean isValid(HttpSession session)
537 AbstractSession s = ((SessionIf)session).getSession();
541 /* ------------------------------------------------------------ */
543 public String getClusterId(HttpSession session)
545 AbstractSession s = ((SessionIf)session).getSession();
546 return s.getClusterId();
549 /* ------------------------------------------------------------ */
551 public String getNodeId(HttpSession session)
553 AbstractSession s = ((SessionIf)session).getSession();
554 return s.getNodeId();
557 /* ------------------------------------------------------------ */
559 * Create a new HttpSession for a request
562 public HttpSession newHttpSession(HttpServletRequest request)
564 AbstractSession session=newSession(request);
565 session.setMaxInactiveInterval(_dftMaxIdleSecs);
566 addSession(session,true);
570 /* ------------------------------------------------------------ */
572 public void removeEventListener(EventListener listener)
574 if (listener instanceof HttpSessionAttributeListener)
575 _sessionAttributeListeners.remove(listener);
576 if (listener instanceof HttpSessionListener)
577 _sessionListeners.remove(listener);
580 /* ------------------------------------------------------------ */
582 * Reset statistics values
584 @ManagedOperation(value="reset statistics", impact="ACTION")
585 public void statsReset()
587 _sessionsStats.reset(getSessions());
588 _sessionTimeStats.reset();
591 /* ------------------------------------------------------------ */
594 * The httpOnly to set.
596 public void setHttpOnly(boolean httpOnly)
601 /* ------------------------------------------------------------ */
603 * @param metaManager The metaManager used for cross context session management.
606 public void setSessionIdManager(SessionIdManager metaManager)
608 updateBean(_sessionIdManager, metaManager);
609 _sessionIdManager=metaManager;
612 /* ------------------------------------------------------------ */
617 public void setMaxInactiveInterval(int seconds)
619 _dftMaxIdleSecs=seconds;
622 /* ------------------------------------------------------------ */
623 public void setRefreshCookieAge(int ageInSeconds)
625 _refreshCookieAge=ageInSeconds;
628 /* ------------------------------------------------------------ */
629 public void setSessionCookie(String cookieName)
631 _sessionCookie=cookieName;
634 /* ------------------------------------------------------------ */
636 * @param sessionHandler
637 * The sessionHandler to set.
640 public void setSessionHandler(SessionHandler sessionHandler)
642 _sessionHandler=sessionHandler;
646 /* ------------------------------------------------------------ */
648 public void setSessionIdPathParameterName(String param)
650 _sessionIdPathParameterName =(param==null||"none".equals(param))?null:param;
651 _sessionIdPathParameterNamePrefix =(param==null||"none".equals(param))?null:(";"+ _sessionIdPathParameterName +"=");
653 /* ------------------------------------------------------------ */
655 * @param usingCookies
656 * The usingCookies to set.
658 public void setUsingCookies(boolean usingCookies)
660 _usingCookies=usingCookies;
664 protected abstract void addSession(AbstractSession session);
666 /* ------------------------------------------------------------ */
668 * Add the session Registers the session with this manager and registers the
669 * session ID with the sessionIDManager;
671 protected void addSession(AbstractSession session, boolean created)
673 synchronized (_sessionIdManager)
675 _sessionIdManager.addSession(session);
681 _sessionsStats.increment();
682 if (_sessionListeners!=null)
684 HttpSessionEvent event=new HttpSessionEvent(session);
685 for (HttpSessionListener listener : _sessionListeners)
686 listener.sessionCreated(event);
691 /* ------------------------------------------------------------ */
693 * Get a known existing session
694 * @param idInCluster The session ID in the cluster, stripped of any worker name.
695 * @return A Session or null if none exists.
697 public abstract AbstractSession getSession(String idInCluster);
700 * Prepare sessions for session manager shutdown
704 protected abstract void shutdownSessions() throws Exception;
707 /* ------------------------------------------------------------ */
709 * Create a new session instance
711 * @return the new session
713 protected abstract AbstractSession newSession(HttpServletRequest request);
716 /* ------------------------------------------------------------ */
718 * @return true if the cluster node id (worker id) is returned as part of the session id by {@link HttpSession#getId()}. Default is false.
720 public boolean isNodeIdInSessionId()
722 return _nodeIdInSessionId;
725 /* ------------------------------------------------------------ */
727 * @param nodeIdInSessionId true if the cluster node id (worker id) will be returned as part of the session id by {@link HttpSession#getId()}. Default is false.
729 public void setNodeIdInSessionId(boolean nodeIdInSessionId)
731 _nodeIdInSessionId=nodeIdInSessionId;
734 /* ------------------------------------------------------------ */
735 /** Remove session from manager
736 * @param session The session to remove
737 * @param invalidate True if {@link HttpSessionListener#sessionDestroyed(HttpSessionEvent)} and
738 * {@link SessionIdManager#invalidateAll(String)} should be called.
740 public void removeSession(HttpSession session, boolean invalidate)
742 AbstractSession s = ((SessionIf)session).getSession();
743 removeSession(s,invalidate);
746 /* ------------------------------------------------------------ */
747 /** Remove session from manager
748 * @param session The session to remove
749 * @param invalidate True if {@link HttpSessionListener#sessionDestroyed(HttpSessionEvent)} and
750 * {@link SessionIdManager#invalidateAll(String)} should be called.
752 public boolean removeSession(AbstractSession session, boolean invalidate)
754 // Remove session from context and global maps
755 boolean removed = removeSession(session.getClusterId());
759 _sessionsStats.decrement();
760 _sessionTimeStats.set(round((System.currentTimeMillis() - session.getCreationTime())/1000.0));
762 // Remove session from all context and global id maps
763 _sessionIdManager.removeSession(session);
765 _sessionIdManager.invalidateAll(session.getClusterId());
767 if (invalidate && _sessionListeners!=null)
769 HttpSessionEvent event=new HttpSessionEvent(session);
770 for (int i = _sessionListeners.size()-1; i>=0; i--)
772 _sessionListeners.get(i).sessionDestroyed(event);
780 /* ------------------------------------------------------------ */
781 protected abstract boolean removeSession(String idInCluster);
783 /* ------------------------------------------------------------ */
785 * @return maximum amount of time session remained valid
787 @ManagedAttribute("maximum amount of time sessions have remained active (in s)")
788 public long getSessionTimeMax()
790 return _sessionTimeStats.getMax();
793 /* ------------------------------------------------------------ */
795 public Set<SessionTrackingMode> getDefaultSessionTrackingModes()
797 return __defaultSessionTrackingModes;
800 /* ------------------------------------------------------------ */
802 public Set<SessionTrackingMode> getEffectiveSessionTrackingModes()
804 return Collections.unmodifiableSet(_sessionTrackingModes);
807 /* ------------------------------------------------------------ */
809 public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes)
811 _sessionTrackingModes=new HashSet<SessionTrackingMode>(sessionTrackingModes);
812 _usingCookies=_sessionTrackingModes.contains(SessionTrackingMode.COOKIE);
813 _usingURLs=_sessionTrackingModes.contains(SessionTrackingMode.URL);
816 /* ------------------------------------------------------------ */
818 public boolean isUsingURLs()
823 /* ------------------------------------------------------------ */
825 public SessionCookieConfig getSessionCookieConfig()
827 return _cookieConfig;
830 /* ------------------------------------------------------------ */
831 private SessionCookieConfig _cookieConfig =
835 /* ------------------------------------------------------------ */
837 * @return total amount of time all sessions remained valid
839 @ManagedAttribute("total time sessions have remained valid")
840 public long getSessionTimeTotal()
842 return _sessionTimeStats.getTotal();
845 /* ------------------------------------------------------------ */
847 * @return mean amount of time session remained valid
849 @ManagedAttribute("mean time sessions remain valid (in s)")
850 public double getSessionTimeMean()
852 return _sessionTimeStats.getMean();
855 /* ------------------------------------------------------------ */
857 * @return standard deviation of amount of time session remained valid
859 @ManagedAttribute("standard deviation a session remained valid (in s)")
860 public double getSessionTimeStdDev()
862 return _sessionTimeStats.getStdDev();
865 /* ------------------------------------------------------------ */
867 * @see org.eclipse.jetty.server.SessionManager#isCheckingRemoteSessionIdEncoding()
870 @ManagedAttribute("check remote session id encoding")
871 public boolean isCheckingRemoteSessionIdEncoding()
873 return _checkingRemoteSessionIdEncoding;
876 /* ------------------------------------------------------------ */
878 * @see org.eclipse.jetty.server.SessionManager#setCheckingRemoteSessionIdEncoding(boolean)
881 public void setCheckingRemoteSessionIdEncoding(boolean remote)
883 _checkingRemoteSessionIdEncoding=remote;
887 /* ------------------------------------------------------------ */
889 * Tell the HttpSessionIdListeners the id changed.
890 * NOTE: this method must be called LAST in subclass overrides, after the session has been updated
892 * @see org.eclipse.jetty.server.SessionManager#renewSessionId(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
895 public void renewSessionId(String oldClusterId, String oldNodeId, String newClusterId, String newNodeId)
897 if (!_sessionIdListeners.isEmpty())
899 AbstractSession session = getSession(newClusterId);
900 HttpSessionEvent event = new HttpSessionEvent(session);
901 for (HttpSessionIdListener l:_sessionIdListeners)
903 l.sessionIdChanged(event, oldClusterId);
912 * Implementation of the javax.servlet.SessionCookieConfig.
914 public final class CookieConfig implements SessionCookieConfig
917 public String getComment()
919 return _sessionComment;
923 public String getDomain()
925 return _sessionDomain;
929 public int getMaxAge()
931 return _maxCookieAge;
935 public String getName()
937 return _sessionCookie;
941 public String getPath()
947 public boolean isHttpOnly()
953 public boolean isSecure()
955 return _secureCookies;
959 public void setComment(String comment)
961 if (_context != null && _context.getContextHandler().isAvailable())
962 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
963 _sessionComment = comment;
967 public void setDomain(String domain)
969 if (_context != null && _context.getContextHandler().isAvailable())
970 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
971 _sessionDomain=domain;
975 public void setHttpOnly(boolean httpOnly)
977 if (_context != null && _context.getContextHandler().isAvailable())
978 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
983 public void setMaxAge(int maxAge)
985 if (_context != null && _context.getContextHandler().isAvailable())
986 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
987 _maxCookieAge=maxAge;
991 public void setName(String name)
993 if (_context != null && _context.getContextHandler().isAvailable())
994 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
999 public void setPath(String path)
1001 if (_context != null && _context.getContextHandler().isAvailable())
1002 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
1007 public void setSecure(boolean secure)
1009 if (_context != null && _context.getContextHandler().isAvailable())
1010 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
1011 _secureCookies=secure;
1015 /* ------------------------------------------------------------ */
1016 /* ------------------------------------------------------------ */
1017 /* ------------------------------------------------------------ */
1019 * Interface that any session wrapper should implement so that
1020 * SessionManager may access the Jetty session implementation.
1023 public interface SessionIf extends HttpSession
1025 public AbstractSession getSession();
1028 public void doSessionAttributeListeners(AbstractSession session, String name, Object old, Object value)
1030 if (!_sessionAttributeListeners.isEmpty())
1032 HttpSessionBindingEvent event=new HttpSessionBindingEvent(session,name,old==null?value:old);
1034 for (HttpSessionAttributeListener l : _sessionAttributeListeners)
1037 l.attributeAdded(event);
1038 else if (value==null)
1039 l.attributeRemoved(event);
1041 l.attributeReplaced(event);
1048 public SessionIdManager getMetaManager()
1050 throw new UnsupportedOperationException();