2 // ========================================================================
3 // Copyright (c) 1995-2016 Mort Bay Consulting Pty. Ltd.
4 // ------------------------------------------------------------------------
5 // All rights reserved. This program and the accompanying materials
6 // are made available under the terms of the Eclipse Public License v1.0
7 // and Apache License v2.0 which accompanies this distribution.
9 // The Eclipse Public License is available at
10 // http://www.eclipse.org/legal/epl-v10.html
12 // The Apache License v2.0 is available at
13 // http://www.opensource.org/licenses/apache2.0.php
15 // You may elect to redistribute this code under either of these licenses.
16 // ========================================================================
19 package org.eclipse.jetty.server.session;
21 import static java.lang.Math.round;
23 import java.util.Arrays;
24 import java.util.Collections;
25 import java.util.Enumeration;
26 import java.util.EventListener;
27 import java.util.HashSet;
28 import java.util.List;
30 import java.util.concurrent.CopyOnWriteArrayList;
32 import javax.servlet.SessionCookieConfig;
33 import javax.servlet.SessionTrackingMode;
34 import javax.servlet.http.HttpServletRequest;
35 import javax.servlet.http.HttpSession;
36 import javax.servlet.http.HttpSessionAttributeListener;
37 import javax.servlet.http.HttpSessionBindingEvent;
38 import javax.servlet.http.HttpSessionContext;
39 import javax.servlet.http.HttpSessionEvent;
40 import javax.servlet.http.HttpSessionIdListener;
41 import javax.servlet.http.HttpSessionListener;
43 import org.eclipse.jetty.http.HttpCookie;
44 import org.eclipse.jetty.server.Server;
45 import org.eclipse.jetty.server.SessionIdManager;
46 import org.eclipse.jetty.server.SessionManager;
47 import org.eclipse.jetty.server.handler.ContextHandler;
48 import org.eclipse.jetty.util.annotation.ManagedAttribute;
49 import org.eclipse.jetty.util.annotation.ManagedObject;
50 import org.eclipse.jetty.util.annotation.ManagedOperation;
51 import org.eclipse.jetty.util.component.ContainerLifeCycle;
52 import org.eclipse.jetty.util.log.Logger;
53 import org.eclipse.jetty.util.statistic.CounterStatistic;
54 import org.eclipse.jetty.util.statistic.SampleStatistic;
56 /* ------------------------------------------------------------ */
58 * An Abstract implementation of SessionManager. The partial implementation of
59 * SessionManager interface provides the majority of the handling required to
60 * implement a SessionManager. Concrete implementations of SessionManager based
61 * on AbstractSessionManager need only implement the newSession method to return
62 * a specialised version of the Session inner class that provides an attribute
66 @SuppressWarnings("deprecation")
67 @ManagedObject("Abstract Session Manager")
68 public abstract class AbstractSessionManager extends ContainerLifeCycle implements SessionManager
70 final static Logger __log = SessionHandler.LOG;
72 public Set<SessionTrackingMode> __defaultSessionTrackingModes =
73 Collections.unmodifiableSet(
74 new HashSet<SessionTrackingMode>(
75 Arrays.asList(new SessionTrackingMode[]{SessionTrackingMode.COOKIE,SessionTrackingMode.URL})));
79 /* ------------------------------------------------------------ */
80 public final static int __distantFuture=60*60*24*7*52*20;
82 static final HttpSessionContext __nullSessionContext=new HttpSessionContext()
85 public HttpSession getSession(String sessionId)
91 @SuppressWarnings({ "rawtypes", "unchecked" })
92 public Enumeration getIds()
94 return Collections.enumeration(Collections.EMPTY_LIST);
98 private boolean _usingCookies=true;
100 /* ------------------------------------------------------------ */
101 // Setting of max inactive interval for new sessions
102 // -1 means no timeout
103 protected int _dftMaxIdleSecs=-1;
104 protected SessionHandler _sessionHandler;
105 protected boolean _httpOnly=false;
106 protected SessionIdManager _sessionIdManager;
107 protected boolean _secureCookies=false;
108 protected boolean _secureRequestOnly=true;
110 protected final List<HttpSessionAttributeListener> _sessionAttributeListeners = new CopyOnWriteArrayList<HttpSessionAttributeListener>();
111 protected final List<HttpSessionListener> _sessionListeners= new CopyOnWriteArrayList<HttpSessionListener>();
112 protected final List<HttpSessionIdListener> _sessionIdListeners = new CopyOnWriteArrayList<HttpSessionIdListener>();
114 protected ClassLoader _loader;
115 protected ContextHandler.Context _context;
116 protected String _sessionCookie=__DefaultSessionCookie;
117 protected String _sessionIdPathParameterName = __DefaultSessionIdPathParameterName;
118 protected String _sessionIdPathParameterNamePrefix =";"+ _sessionIdPathParameterName +"=";
119 protected String _sessionDomain;
120 protected String _sessionPath;
121 protected int _maxCookieAge=-1;
122 protected int _refreshCookieAge;
123 protected boolean _nodeIdInSessionId;
124 protected boolean _checkingRemoteSessionIdEncoding;
125 protected String _sessionComment;
127 public Set<SessionTrackingMode> _sessionTrackingModes;
129 private boolean _usingURLs;
131 protected final CounterStatistic _sessionsStats = new CounterStatistic();
132 protected final SampleStatistic _sessionTimeStats = new SampleStatistic();
135 /* ------------------------------------------------------------ */
136 public AbstractSessionManager()
138 setSessionTrackingModes(__defaultSessionTrackingModes);
141 /* ------------------------------------------------------------ */
142 public ContextHandler.Context getContext()
147 /* ------------------------------------------------------------ */
148 public ContextHandler getContextHandler()
150 return _context.getContextHandler();
153 @ManagedAttribute("path of the session cookie, or null for default")
154 public String getSessionPath()
159 @ManagedAttribute("if greater the zero, the time in seconds a session cookie will last for")
160 public int getMaxCookieAge()
162 return _maxCookieAge;
165 /* ------------------------------------------------------------ */
167 public HttpCookie access(HttpSession session,boolean secure)
169 long now=System.currentTimeMillis();
171 AbstractSession s = ((SessionIf)session).getSession();
175 // Do we need to refresh the cookie?
176 if (isUsingCookies() &&
178 (getSessionCookieConfig().getMaxAge()>0 && getRefreshCookieAge()>0 && ((now-s.getCookieSetTime())/1000>getRefreshCookieAge()))
182 HttpCookie cookie=getSessionCookie(session,_context==null?"/":(_context.getContextPath()),secure);
184 s.setIdChanged(false);
191 /* ------------------------------------------------------------ */
193 public void addEventListener(EventListener listener)
195 if (listener instanceof HttpSessionAttributeListener)
196 _sessionAttributeListeners.add((HttpSessionAttributeListener)listener);
197 if (listener instanceof HttpSessionListener)
198 _sessionListeners.add((HttpSessionListener)listener);
199 if (listener instanceof HttpSessionIdListener)
200 _sessionIdListeners.add((HttpSessionIdListener)listener);
201 addBean(listener,false);
204 /* ------------------------------------------------------------ */
206 public void clearEventListeners()
208 for (EventListener e :getBeans(EventListener.class))
210 _sessionAttributeListeners.clear();
211 _sessionListeners.clear();
212 _sessionIdListeners.clear();
215 /* ------------------------------------------------------------ */
217 public void complete(HttpSession session)
219 AbstractSession s = ((SessionIf)session).getSession();
223 /* ------------------------------------------------------------ */
225 public void doStart() throws Exception
227 _context=ContextHandler.getCurrentContext();
228 _loader=Thread.currentThread().getContextClassLoader();
230 final Server server=getSessionHandler().getServer();
231 synchronized (server)
233 if (_sessionIdManager==null)
235 _sessionIdManager=server.getSessionIdManager();
236 if (_sessionIdManager==null)
238 //create a default SessionIdManager and set it as the shared
239 //SessionIdManager for the Server, being careful NOT to use
240 //the webapp context's classloader, otherwise if the context
241 //is stopped, the classloader is leaked.
242 ClassLoader serverLoader = server.getClass().getClassLoader();
245 Thread.currentThread().setContextClassLoader(serverLoader);
246 _sessionIdManager=new HashSessionIdManager();
247 server.setSessionIdManager(_sessionIdManager);
248 server.manage(_sessionIdManager);
249 _sessionIdManager.start();
253 Thread.currentThread().setContextClassLoader(_loader);
257 // server session id is never managed by this manager
258 addBean(_sessionIdManager,false);
263 // Look for a session cookie name
266 String tmp=_context.getInitParameter(SessionManager.__SessionCookieProperty);
270 tmp=_context.getInitParameter(SessionManager.__SessionIdPathParameterNameProperty);
272 setSessionIdPathParameterName(tmp);
274 // set up the max session cookie age if it isn't already
275 if (_maxCookieAge==-1)
277 tmp=_context.getInitParameter(SessionManager.__MaxAgeProperty);
279 _maxCookieAge=Integer.parseInt(tmp.trim());
282 // set up the session domain if it isn't already
283 if (_sessionDomain==null)
284 _sessionDomain=_context.getInitParameter(SessionManager.__SessionDomainProperty);
286 // set up the sessionPath if it isn't already
287 if (_sessionPath==null)
288 _sessionPath=_context.getInitParameter(SessionManager.__SessionPathProperty);
290 tmp=_context.getInitParameter(SessionManager.__CheckRemoteSessionEncoding);
292 _checkingRemoteSessionIdEncoding=Boolean.parseBoolean(tmp);
298 /* ------------------------------------------------------------ */
300 public void doStop() throws Exception
309 /* ------------------------------------------------------------ */
311 * @return Returns the httpOnly.
314 @ManagedAttribute("true if cookies use the http only flag")
315 public boolean getHttpOnly()
320 /* ------------------------------------------------------------ */
322 public HttpSession getHttpSession(String nodeId)
324 String cluster_id = getSessionIdManager().getClusterId(nodeId);
326 AbstractSession session = getSession(cluster_id);
327 if (session!=null && !session.getNodeId().equals(nodeId))
328 session.setIdChanged(true);
332 /* ------------------------------------------------------------ */
334 * @return Returns the SessionIdManager used for cross context session management
337 @ManagedAttribute("Session ID Manager")
338 public SessionIdManager getSessionIdManager()
340 return _sessionIdManager;
344 /* ------------------------------------------------------------ */
349 @ManagedAttribute("defailt maximum time a session may be idle for (in s)")
350 public int getMaxInactiveInterval()
352 return _dftMaxIdleSecs;
355 /* ------------------------------------------------------------ */
357 * @return maximum number of sessions
359 @ManagedAttribute("maximum number of simultaneous sessions")
360 public int getSessionsMax()
362 return (int)_sessionsStats.getMax();
365 /* ------------------------------------------------------------ */
367 * @return total number of sessions
369 @ManagedAttribute("total number of sessions")
370 public int getSessionsTotal()
372 return (int)_sessionsStats.getTotal();
375 /* ------------------------------------------------------------ */
376 @ManagedAttribute("time before a session cookie is re-set (in s)")
377 public int getRefreshCookieAge()
379 return _refreshCookieAge;
382 /* ------------------------------------------------------------ */
384 * @return same as SessionCookieConfig.getSecure(). If true, session
385 * cookies are ALWAYS marked as secure. If false, a session cookie is
386 * ONLY marked as secure if _secureRequestOnly == true and it is a HTTPS request.
388 @ManagedAttribute("if true, secure cookie flag is set on session cookies")
389 public boolean getSecureCookies()
391 return _secureCookies;
394 /* ------------------------------------------------------------ */
396 * @return true if session cookie is to be marked as secure only on HTTPS requests
398 public boolean isSecureRequestOnly()
400 return _secureRequestOnly;
404 /* ------------------------------------------------------------ */
406 * HTTPS request. Can be overridden by setting SessionCookieConfig.setSecure(true),
407 * in which case the session cookie will be marked as secure on both HTTPS and HTTP.
409 public void setSecureRequestOnly(boolean secureRequestOnly)
411 _secureRequestOnly = secureRequestOnly;
414 /* ------------------------------------------------------------ */
415 @ManagedAttribute("the set session cookie")
416 public String getSessionCookie()
418 return _sessionCookie;
421 /* ------------------------------------------------------------ */
423 * A sessioncookie is marked as secure IFF any of the following conditions are true:
425 * <li>SessionCookieConfig.setSecure == true</li>
426 * <li>SessionCookieConfig.setSecure == false && _secureRequestOnly==true && request is HTTPS</li>
428 * According to SessionCookieConfig javadoc, case 1 can be used when:
429 * "... even though the request that initiated the session came over HTTP,
430 * is to support a topology where the web container is front-ended by an
431 * SSL offloading load balancer. In this case, the traffic between the client
432 * and the load balancer will be over HTTPS, whereas the traffic between the
433 * load balancer and the web container will be over HTTP."
435 * For case 2, you can use _secureRequestOnly to determine if you want the
436 * Servlet Spec 3.0 default behaviour when SessionCookieConfig.setSecure==false,
438 * "they shall be marked as secure only if the request that initiated the
439 * corresponding session was also secure"
441 * The default for _secureRequestOnly is true, which gives the above behaviour. If
442 * you set it to false, then a session cookie is NEVER marked as secure, even if
443 * the initiating request was secure.
445 * @see org.eclipse.jetty.server.SessionManager#getSessionCookie(javax.servlet.http.HttpSession, java.lang.String, boolean)
448 public HttpCookie getSessionCookie(HttpSession session, String contextPath, boolean requestIsSecure)
450 if (isUsingCookies())
452 String sessionPath = (_cookieConfig.getPath()==null) ? contextPath : _cookieConfig.getPath();
453 sessionPath = (sessionPath==null||sessionPath.length()==0) ? "/" : sessionPath;
454 String id = getNodeId(session);
455 HttpCookie cookie = null;
456 if (_sessionComment == null)
458 cookie = new HttpCookie(
459 _cookieConfig.getName(),
461 _cookieConfig.getDomain(),
463 _cookieConfig.getMaxAge(),
464 _cookieConfig.isHttpOnly(),
465 _cookieConfig.isSecure() || (isSecureRequestOnly() && requestIsSecure));
469 cookie = new HttpCookie(
470 _cookieConfig.getName(),
472 _cookieConfig.getDomain(),
474 _cookieConfig.getMaxAge(),
475 _cookieConfig.isHttpOnly(),
476 _cookieConfig.isSecure() || (isSecureRequestOnly() && requestIsSecure),
486 @ManagedAttribute("domain of the session cookie, or null for the default")
487 public String getSessionDomain()
489 return _sessionDomain;
492 /* ------------------------------------------------------------ */
494 * @return Returns the sessionHandler.
496 public SessionHandler getSessionHandler()
498 return _sessionHandler;
501 /* ------------------------------------------------------------ */
502 @ManagedAttribute("number of currently active sessions")
503 public int getSessions()
505 return (int)_sessionsStats.getCurrent();
508 /* ------------------------------------------------------------ */
510 @ManagedAttribute("name of use for URL session tracking")
511 public String getSessionIdPathParameterName()
513 return _sessionIdPathParameterName;
516 /* ------------------------------------------------------------ */
518 public String getSessionIdPathParameterNamePrefix()
520 return _sessionIdPathParameterNamePrefix;
523 /* ------------------------------------------------------------ */
525 * @return Returns the usingCookies.
528 public boolean isUsingCookies()
530 return _usingCookies;
533 /* ------------------------------------------------------------ */
535 public boolean isValid(HttpSession session)
537 AbstractSession s = ((SessionIf)session).getSession();
541 /* ------------------------------------------------------------ */
543 public String getClusterId(HttpSession session)
545 AbstractSession s = ((SessionIf)session).getSession();
546 return s.getClusterId();
549 /* ------------------------------------------------------------ */
551 public String getNodeId(HttpSession session)
553 AbstractSession s = ((SessionIf)session).getSession();
554 return s.getNodeId();
557 /* ------------------------------------------------------------ */
559 * Create a new HttpSession for a request
562 public HttpSession newHttpSession(HttpServletRequest request)
564 AbstractSession session=newSession(request);
565 session.setMaxInactiveInterval(_dftMaxIdleSecs);
566 addSession(session,true);
570 /* ------------------------------------------------------------ */
572 public void removeEventListener(EventListener listener)
574 if (listener instanceof HttpSessionAttributeListener)
575 _sessionAttributeListeners.remove(listener);
576 if (listener instanceof HttpSessionListener)
577 _sessionListeners.remove(listener);
578 if (listener instanceof HttpSessionIdListener)
579 _sessionIdListeners.remove(listener);
580 removeBean(listener);
583 /* ------------------------------------------------------------ */
585 * Reset statistics values
587 @ManagedOperation(value="reset statistics", impact="ACTION")
588 public void statsReset()
590 _sessionsStats.reset(getSessions());
591 _sessionTimeStats.reset();
594 /* ------------------------------------------------------------ */
597 * The httpOnly to set.
599 public void setHttpOnly(boolean httpOnly)
604 /* ------------------------------------------------------------ */
606 * @param metaManager The metaManager used for cross context session management.
609 public void setSessionIdManager(SessionIdManager metaManager)
611 updateBean(_sessionIdManager, metaManager);
612 _sessionIdManager=metaManager;
615 /* ------------------------------------------------------------ */
620 public void setMaxInactiveInterval(int seconds)
622 _dftMaxIdleSecs=seconds;
625 /* ------------------------------------------------------------ */
626 public void setRefreshCookieAge(int ageInSeconds)
628 _refreshCookieAge=ageInSeconds;
631 /* ------------------------------------------------------------ */
632 public void setSessionCookie(String cookieName)
634 _sessionCookie=cookieName;
637 /* ------------------------------------------------------------ */
639 * @param sessionHandler
640 * The sessionHandler to set.
643 public void setSessionHandler(SessionHandler sessionHandler)
645 _sessionHandler=sessionHandler;
649 /* ------------------------------------------------------------ */
651 public void setSessionIdPathParameterName(String param)
653 _sessionIdPathParameterName =(param==null||"none".equals(param))?null:param;
654 _sessionIdPathParameterNamePrefix =(param==null||"none".equals(param))?null:(";"+ _sessionIdPathParameterName +"=");
656 /* ------------------------------------------------------------ */
658 * @param usingCookies
659 * The usingCookies to set.
661 public void setUsingCookies(boolean usingCookies)
663 _usingCookies=usingCookies;
667 protected abstract void addSession(AbstractSession session);
669 /* ------------------------------------------------------------ */
671 * Add the session Registers the session with this manager and registers the
672 * session ID with the sessionIDManager;
674 protected void addSession(AbstractSession session, boolean created)
676 synchronized (_sessionIdManager)
678 _sessionIdManager.addSession(session);
684 _sessionsStats.increment();
685 if (_sessionListeners!=null)
687 HttpSessionEvent event=new HttpSessionEvent(session);
688 for (HttpSessionListener listener : _sessionListeners)
689 listener.sessionCreated(event);
694 /* ------------------------------------------------------------ */
696 * Get a known existing session
697 * @param idInCluster The session ID in the cluster, stripped of any worker name.
698 * @return A Session or null if none exists.
700 public abstract AbstractSession getSession(String idInCluster);
703 * Prepare sessions for session manager shutdown
707 protected abstract void shutdownSessions() throws Exception;
710 /* ------------------------------------------------------------ */
712 * Create a new session instance
714 * @return the new session
716 protected abstract AbstractSession newSession(HttpServletRequest request);
719 /* ------------------------------------------------------------ */
721 * @return true if the cluster node id (worker id) is returned as part of the session id by {@link HttpSession#getId()}. Default is false.
723 public boolean isNodeIdInSessionId()
725 return _nodeIdInSessionId;
728 /* ------------------------------------------------------------ */
730 * @param nodeIdInSessionId true if the cluster node id (worker id) will be returned as part of the session id by {@link HttpSession#getId()}. Default is false.
732 public void setNodeIdInSessionId(boolean nodeIdInSessionId)
734 _nodeIdInSessionId=nodeIdInSessionId;
737 /* ------------------------------------------------------------ */
738 /** Remove session from manager
739 * @param session The session to remove
740 * @param invalidate True if {@link HttpSessionListener#sessionDestroyed(HttpSessionEvent)} and
741 * {@link SessionIdManager#invalidateAll(String)} should be called.
743 public void removeSession(HttpSession session, boolean invalidate)
745 AbstractSession s = ((SessionIf)session).getSession();
746 removeSession(s,invalidate);
749 /* ------------------------------------------------------------ */
750 /** Remove session from manager
751 * @param session The session to remove
752 * @param invalidate True if {@link HttpSessionListener#sessionDestroyed(HttpSessionEvent)} and
753 * {@link SessionIdManager#invalidateAll(String)} should be called.
755 public boolean removeSession(AbstractSession session, boolean invalidate)
757 // Remove session from context and global maps
758 boolean removed = removeSession(session.getClusterId());
762 _sessionsStats.decrement();
763 _sessionTimeStats.set(round((System.currentTimeMillis() - session.getCreationTime())/1000.0));
765 // Remove session from all context and global id maps
766 _sessionIdManager.removeSession(session);
768 _sessionIdManager.invalidateAll(session.getClusterId());
770 if (invalidate && _sessionListeners!=null)
772 HttpSessionEvent event=new HttpSessionEvent(session);
773 for (int i = _sessionListeners.size()-1; i>=0; i--)
775 _sessionListeners.get(i).sessionDestroyed(event);
783 /* ------------------------------------------------------------ */
784 protected abstract boolean removeSession(String idInCluster);
786 /* ------------------------------------------------------------ */
788 * @return maximum amount of time session remained valid
790 @ManagedAttribute("maximum amount of time sessions have remained active (in s)")
791 public long getSessionTimeMax()
793 return _sessionTimeStats.getMax();
796 /* ------------------------------------------------------------ */
798 public Set<SessionTrackingMode> getDefaultSessionTrackingModes()
800 return __defaultSessionTrackingModes;
803 /* ------------------------------------------------------------ */
805 public Set<SessionTrackingMode> getEffectiveSessionTrackingModes()
807 return Collections.unmodifiableSet(_sessionTrackingModes);
810 /* ------------------------------------------------------------ */
812 public void setSessionTrackingModes(Set<SessionTrackingMode> sessionTrackingModes)
814 _sessionTrackingModes=new HashSet<SessionTrackingMode>(sessionTrackingModes);
815 _usingCookies=_sessionTrackingModes.contains(SessionTrackingMode.COOKIE);
816 _usingURLs=_sessionTrackingModes.contains(SessionTrackingMode.URL);
819 /* ------------------------------------------------------------ */
821 public boolean isUsingURLs()
826 /* ------------------------------------------------------------ */
828 public SessionCookieConfig getSessionCookieConfig()
830 return _cookieConfig;
833 /* ------------------------------------------------------------ */
834 private SessionCookieConfig _cookieConfig =
838 /* ------------------------------------------------------------ */
840 * @return total amount of time all sessions remained valid
842 @ManagedAttribute("total time sessions have remained valid")
843 public long getSessionTimeTotal()
845 return _sessionTimeStats.getTotal();
848 /* ------------------------------------------------------------ */
850 * @return mean amount of time session remained valid
852 @ManagedAttribute("mean time sessions remain valid (in s)")
853 public double getSessionTimeMean()
855 return _sessionTimeStats.getMean();
858 /* ------------------------------------------------------------ */
860 * @return standard deviation of amount of time session remained valid
862 @ManagedAttribute("standard deviation a session remained valid (in s)")
863 public double getSessionTimeStdDev()
865 return _sessionTimeStats.getStdDev();
868 /* ------------------------------------------------------------ */
870 * @see org.eclipse.jetty.server.SessionManager#isCheckingRemoteSessionIdEncoding()
873 @ManagedAttribute("check remote session id encoding")
874 public boolean isCheckingRemoteSessionIdEncoding()
876 return _checkingRemoteSessionIdEncoding;
879 /* ------------------------------------------------------------ */
881 * @see org.eclipse.jetty.server.SessionManager#setCheckingRemoteSessionIdEncoding(boolean)
884 public void setCheckingRemoteSessionIdEncoding(boolean remote)
886 _checkingRemoteSessionIdEncoding=remote;
890 /* ------------------------------------------------------------ */
892 * Tell the HttpSessionIdListeners the id changed.
893 * NOTE: this method must be called LAST in subclass overrides, after the session has been updated
895 * @see org.eclipse.jetty.server.SessionManager#renewSessionId(java.lang.String, java.lang.String, java.lang.String, java.lang.String)
898 public void renewSessionId(String oldClusterId, String oldNodeId, String newClusterId, String newNodeId)
900 if (!_sessionIdListeners.isEmpty())
902 AbstractSession session = getSession(newClusterId);
903 HttpSessionEvent event = new HttpSessionEvent(session);
904 for (HttpSessionIdListener l:_sessionIdListeners)
906 l.sessionIdChanged(event, oldClusterId);
915 * Implementation of the javax.servlet.SessionCookieConfig.
917 public final class CookieConfig implements SessionCookieConfig
920 public String getComment()
922 return _sessionComment;
926 public String getDomain()
928 return _sessionDomain;
932 public int getMaxAge()
934 return _maxCookieAge;
938 public String getName()
940 return _sessionCookie;
944 public String getPath()
950 public boolean isHttpOnly()
956 public boolean isSecure()
958 return _secureCookies;
962 public void setComment(String comment)
964 if (_context != null && _context.getContextHandler().isAvailable())
965 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
966 _sessionComment = comment;
970 public void setDomain(String domain)
972 if (_context != null && _context.getContextHandler().isAvailable())
973 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
974 _sessionDomain=domain;
978 public void setHttpOnly(boolean httpOnly)
980 if (_context != null && _context.getContextHandler().isAvailable())
981 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
986 public void setMaxAge(int maxAge)
988 if (_context != null && _context.getContextHandler().isAvailable())
989 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
990 _maxCookieAge=maxAge;
994 public void setName(String name)
996 if (_context != null && _context.getContextHandler().isAvailable())
997 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
1002 public void setPath(String path)
1004 if (_context != null && _context.getContextHandler().isAvailable())
1005 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
1010 public void setSecure(boolean secure)
1012 if (_context != null && _context.getContextHandler().isAvailable())
1013 throw new IllegalStateException("CookieConfig cannot be set after ServletContext is started");
1014 _secureCookies=secure;
1018 /* ------------------------------------------------------------ */
1019 /* ------------------------------------------------------------ */
1020 /* ------------------------------------------------------------ */
1022 * Interface that any session wrapper should implement so that
1023 * SessionManager may access the Jetty session implementation.
1026 public interface SessionIf extends HttpSession
1028 public AbstractSession getSession();
1031 public void doSessionAttributeListeners(AbstractSession session, String name, Object old, Object value)
1033 if (!_sessionAttributeListeners.isEmpty())
1035 HttpSessionBindingEvent event=new HttpSessionBindingEvent(session,name,old==null?value:old);
1037 for (HttpSessionAttributeListener l : _sessionAttributeListeners)
1040 l.attributeAdded(event);
1041 else if (value==null)
1042 l.attributeRemoved(event);
1044 l.attributeReplaced(event);
1051 public SessionIdManager getMetaManager()
1053 throw new UnsupportedOperationException();
projects / gigi.git / blob