Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.5.2 / shiro-web / apidocs / src-html / org / apache / shiro / web / session / mgt / DefaultWebSessionManager.html
blob: 257d590beff99c16122310c8051e850e1b50d245 [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.web.session.mgt;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.session.ExpiredSessionException;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.session.InvalidSessionException;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.session.Session;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.session.mgt.DefaultSessionManager;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.session.mgt.DelegatingSession;</a>
<span class="sourceLineNo">026</span><a id="line.26">import org.apache.shiro.session.mgt.SessionContext;</a>
<span class="sourceLineNo">027</span><a id="line.27">import org.apache.shiro.session.mgt.SessionKey;</a>
<span class="sourceLineNo">028</span><a id="line.28">import org.apache.shiro.web.servlet.Cookie;</a>
<span class="sourceLineNo">029</span><a id="line.29">import org.apache.shiro.web.servlet.ShiroHttpServletRequest;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.apache.shiro.web.servlet.ShiroHttpSession;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.apache.shiro.web.servlet.SimpleCookie;</a>
<span class="sourceLineNo">032</span><a id="line.32">import org.apache.shiro.web.util.WebUtils;</a>
<span class="sourceLineNo">033</span><a id="line.33">import org.slf4j.Logger;</a>
<span class="sourceLineNo">034</span><a id="line.34">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">035</span><a id="line.35"></a>
<span class="sourceLineNo">036</span><a id="line.36">import javax.servlet.ServletRequest;</a>
<span class="sourceLineNo">037</span><a id="line.37">import javax.servlet.ServletResponse;</a>
<span class="sourceLineNo">038</span><a id="line.38">import javax.servlet.http.HttpServletRequest;</a>
<span class="sourceLineNo">039</span><a id="line.39">import javax.servlet.http.HttpServletResponse;</a>
<span class="sourceLineNo">040</span><a id="line.40">import java.io.Serializable;</a>
<span class="sourceLineNo">041</span><a id="line.41"></a>
<span class="sourceLineNo">042</span><a id="line.42"></a>
<span class="sourceLineNo">043</span><a id="line.43">/**</a>
<span class="sourceLineNo">044</span><a id="line.44"> * Web-application capable {@link org.apache.shiro.session.mgt.SessionManager SessionManager} implementation.</a>
<span class="sourceLineNo">045</span><a id="line.45"> *</a>
<span class="sourceLineNo">046</span><a id="line.46"> * @since 0.9</a>
<span class="sourceLineNo">047</span><a id="line.47"> */</a>
<span class="sourceLineNo">048</span><a id="line.48">public class DefaultWebSessionManager extends DefaultSessionManager implements WebSessionManager {</a>
<span class="sourceLineNo">049</span><a id="line.49"></a>
<span class="sourceLineNo">050</span><a id="line.50"> private static final Logger log = LoggerFactory.getLogger(DefaultWebSessionManager.class);</a>
<span class="sourceLineNo">051</span><a id="line.51"></a>
<span class="sourceLineNo">052</span><a id="line.52"> private Cookie sessionIdCookie;</a>
<span class="sourceLineNo">053</span><a id="line.53"> private boolean sessionIdCookieEnabled;</a>
<span class="sourceLineNo">054</span><a id="line.54"> private boolean sessionIdUrlRewritingEnabled;</a>
<span class="sourceLineNo">055</span><a id="line.55"></a>
<span class="sourceLineNo">056</span><a id="line.56"> public DefaultWebSessionManager() {</a>
<span class="sourceLineNo">057</span><a id="line.57"> Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);</a>
<span class="sourceLineNo">058</span><a id="line.58"> cookie.setHttpOnly(true); //more secure, protects against XSS attacks</a>
<span class="sourceLineNo">059</span><a id="line.59"> this.sessionIdCookie = cookie;</a>
<span class="sourceLineNo">060</span><a id="line.60"> this.sessionIdCookieEnabled = true;</a>
<span class="sourceLineNo">061</span><a id="line.61"> this.sessionIdUrlRewritingEnabled = true;</a>
<span class="sourceLineNo">062</span><a id="line.62"> }</a>
<span class="sourceLineNo">063</span><a id="line.63"></a>
<span class="sourceLineNo">064</span><a id="line.64"> public Cookie getSessionIdCookie() {</a>
<span class="sourceLineNo">065</span><a id="line.65"> return sessionIdCookie;</a>
<span class="sourceLineNo">066</span><a id="line.66"> }</a>
<span class="sourceLineNo">067</span><a id="line.67"></a>
<span class="sourceLineNo">068</span><a id="line.68"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">069</span><a id="line.69"> public void setSessionIdCookie(Cookie sessionIdCookie) {</a>
<span class="sourceLineNo">070</span><a id="line.70"> this.sessionIdCookie = sessionIdCookie;</a>
<span class="sourceLineNo">071</span><a id="line.71"> }</a>
<span class="sourceLineNo">072</span><a id="line.72"></a>
<span class="sourceLineNo">073</span><a id="line.73"> public boolean isSessionIdCookieEnabled() {</a>
<span class="sourceLineNo">074</span><a id="line.74"> return sessionIdCookieEnabled;</a>
<span class="sourceLineNo">075</span><a id="line.75"> }</a>
<span class="sourceLineNo">076</span><a id="line.76"></a>
<span class="sourceLineNo">077</span><a id="line.77"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">078</span><a id="line.78"> public void setSessionIdCookieEnabled(boolean sessionIdCookieEnabled) {</a>
<span class="sourceLineNo">079</span><a id="line.79"> this.sessionIdCookieEnabled = sessionIdCookieEnabled;</a>
<span class="sourceLineNo">080</span><a id="line.80"> }</a>
<span class="sourceLineNo">081</span><a id="line.81"></a>
<span class="sourceLineNo">082</span><a id="line.82"> public boolean isSessionIdUrlRewritingEnabled() {</a>
<span class="sourceLineNo">083</span><a id="line.83"> return sessionIdUrlRewritingEnabled;</a>
<span class="sourceLineNo">084</span><a id="line.84"> }</a>
<span class="sourceLineNo">085</span><a id="line.85"></a>
<span class="sourceLineNo">086</span><a id="line.86"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">087</span><a id="line.87"> public void setSessionIdUrlRewritingEnabled(boolean sessionIdUrlRewritingEnabled) {</a>
<span class="sourceLineNo">088</span><a id="line.88"> this.sessionIdUrlRewritingEnabled = sessionIdUrlRewritingEnabled;</a>
<span class="sourceLineNo">089</span><a id="line.89"> }</a>
<span class="sourceLineNo">090</span><a id="line.90"></a>
<span class="sourceLineNo">091</span><a id="line.91"> private void storeSessionId(Serializable currentId, HttpServletRequest request, HttpServletResponse response) {</a>
<span class="sourceLineNo">092</span><a id="line.92"> if (currentId == null) {</a>
<span class="sourceLineNo">093</span><a id="line.93"> String msg = "sessionId cannot be null when persisting for subsequent requests.";</a>
<span class="sourceLineNo">094</span><a id="line.94"> throw new IllegalArgumentException(msg);</a>
<span class="sourceLineNo">095</span><a id="line.95"> }</a>
<span class="sourceLineNo">096</span><a id="line.96"> Cookie template = getSessionIdCookie();</a>
<span class="sourceLineNo">097</span><a id="line.97"> Cookie cookie = new SimpleCookie(template);</a>
<span class="sourceLineNo">098</span><a id="line.98"> String idString = currentId.toString();</a>
<span class="sourceLineNo">099</span><a id="line.99"> cookie.setValue(idString);</a>
<span class="sourceLineNo">100</span><a id="line.100"> cookie.saveTo(request, response);</a>
<span class="sourceLineNo">101</span><a id="line.101"> log.trace("Set session ID cookie for session with id {}", idString);</a>
<span class="sourceLineNo">102</span><a id="line.102"> }</a>
<span class="sourceLineNo">103</span><a id="line.103"></a>
<span class="sourceLineNo">104</span><a id="line.104"> private void removeSessionIdCookie(HttpServletRequest request, HttpServletResponse response) {</a>
<span class="sourceLineNo">105</span><a id="line.105"> getSessionIdCookie().removeFrom(request, response);</a>
<span class="sourceLineNo">106</span><a id="line.106"> }</a>
<span class="sourceLineNo">107</span><a id="line.107"></a>
<span class="sourceLineNo">108</span><a id="line.108"> private String getSessionIdCookieValue(ServletRequest request, ServletResponse response) {</a>
<span class="sourceLineNo">109</span><a id="line.109"> if (!isSessionIdCookieEnabled()) {</a>
<span class="sourceLineNo">110</span><a id="line.110"> log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.");</a>
<span class="sourceLineNo">111</span><a id="line.111"> return null;</a>
<span class="sourceLineNo">112</span><a id="line.112"> }</a>
<span class="sourceLineNo">113</span><a id="line.113"> if (!(request instanceof HttpServletRequest)) {</a>
<span class="sourceLineNo">114</span><a id="line.114"> log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie. Returning null.");</a>
<span class="sourceLineNo">115</span><a id="line.115"> return null;</a>
<span class="sourceLineNo">116</span><a id="line.116"> }</a>
<span class="sourceLineNo">117</span><a id="line.117"> HttpServletRequest httpRequest = (HttpServletRequest) request;</a>
<span class="sourceLineNo">118</span><a id="line.118"> return getSessionIdCookie().readValue(httpRequest, WebUtils.toHttp(response));</a>
<span class="sourceLineNo">119</span><a id="line.119"> }</a>
<span class="sourceLineNo">120</span><a id="line.120"></a>
<span class="sourceLineNo">121</span><a id="line.121"> private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {</a>
<span class="sourceLineNo">122</span><a id="line.122"></a>
<span class="sourceLineNo">123</span><a id="line.123"> String id = getSessionIdCookieValue(request, response);</a>
<span class="sourceLineNo">124</span><a id="line.124"> if (id != null) {</a>
<span class="sourceLineNo">125</span><a id="line.125"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,</a>
<span class="sourceLineNo">126</span><a id="line.126"> ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);</a>
<span class="sourceLineNo">127</span><a id="line.127"> } else {</a>
<span class="sourceLineNo">128</span><a id="line.128"> //not in a cookie, or cookie is disabled - try the request URI as a fallback (i.e. due to URL rewriting):</a>
<span class="sourceLineNo">129</span><a id="line.129"></a>
<span class="sourceLineNo">130</span><a id="line.130"> //try the URI path segment parameters first:</a>
<span class="sourceLineNo">131</span><a id="line.131"> id = getUriPathSegmentParamValue(request, ShiroHttpSession.DEFAULT_SESSION_ID_NAME);</a>
<span class="sourceLineNo">132</span><a id="line.132"></a>
<span class="sourceLineNo">133</span><a id="line.133"> if (id == null) {</a>
<span class="sourceLineNo">134</span><a id="line.134"> //not a URI path segment parameter, try the query parameters:</a>
<span class="sourceLineNo">135</span><a id="line.135"> String name = getSessionIdName();</a>
<span class="sourceLineNo">136</span><a id="line.136"> id = request.getParameter(name);</a>
<span class="sourceLineNo">137</span><a id="line.137"> if (id == null) {</a>
<span class="sourceLineNo">138</span><a id="line.138"> //try lowercase:</a>
<span class="sourceLineNo">139</span><a id="line.139"> id = request.getParameter(name.toLowerCase());</a>
<span class="sourceLineNo">140</span><a id="line.140"> }</a>
<span class="sourceLineNo">141</span><a id="line.141"> }</a>
<span class="sourceLineNo">142</span><a id="line.142"> if (id != null) {</a>
<span class="sourceLineNo">143</span><a id="line.143"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,</a>
<span class="sourceLineNo">144</span><a id="line.144"> ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);</a>
<span class="sourceLineNo">145</span><a id="line.145"> }</a>
<span class="sourceLineNo">146</span><a id="line.146"> }</a>
<span class="sourceLineNo">147</span><a id="line.147"> if (id != null) {</a>
<span class="sourceLineNo">148</span><a id="line.148"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);</a>
<span class="sourceLineNo">149</span><a id="line.149"> //automatically mark it valid here. If it is invalid, the</a>
<span class="sourceLineNo">150</span><a id="line.150"> //onUnknownSession method below will be invoked and we'll remove the attribute at that time.</a>
<span class="sourceLineNo">151</span><a id="line.151"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);</a>
<span class="sourceLineNo">152</span><a id="line.152"> }</a>
<span class="sourceLineNo">153</span><a id="line.153"></a>
<span class="sourceLineNo">154</span><a id="line.154"> // always set rewrite flag - SHIRO-361</a>
<span class="sourceLineNo">155</span><a id="line.155"> request.setAttribute(ShiroHttpServletRequest.SESSION_ID_URL_REWRITING_ENABLED, isSessionIdUrlRewritingEnabled());</a>
<span class="sourceLineNo">156</span><a id="line.156"></a>
<span class="sourceLineNo">157</span><a id="line.157"> return id;</a>
<span class="sourceLineNo">158</span><a id="line.158"> }</a>
<span class="sourceLineNo">159</span><a id="line.159"></a>
<span class="sourceLineNo">160</span><a id="line.160"> //SHIRO-351</a>
<span class="sourceLineNo">161</span><a id="line.161"> //also see http://cdivilly.wordpress.com/2011/04/22/java-servlets-uri-parameters/</a>
<span class="sourceLineNo">162</span><a id="line.162"> //since 1.2.2</a>
<span class="sourceLineNo">163</span><a id="line.163"> private String getUriPathSegmentParamValue(ServletRequest servletRequest, String paramName) {</a>
<span class="sourceLineNo">164</span><a id="line.164"></a>
<span class="sourceLineNo">165</span><a id="line.165"> if (!(servletRequest instanceof HttpServletRequest)) {</a>
<span class="sourceLineNo">166</span><a id="line.166"> return null;</a>
<span class="sourceLineNo">167</span><a id="line.167"> }</a>
<span class="sourceLineNo">168</span><a id="line.168"> HttpServletRequest request = (HttpServletRequest)servletRequest;</a>
<span class="sourceLineNo">169</span><a id="line.169"> String uri = request.getRequestURI();</a>
<span class="sourceLineNo">170</span><a id="line.170"> if (uri == null) {</a>
<span class="sourceLineNo">171</span><a id="line.171"> return null;</a>
<span class="sourceLineNo">172</span><a id="line.172"> }</a>
<span class="sourceLineNo">173</span><a id="line.173"></a>
<span class="sourceLineNo">174</span><a id="line.174"> int queryStartIndex = uri.indexOf('?');</a>
<span class="sourceLineNo">175</span><a id="line.175"> if (queryStartIndex &gt;= 0) { //get rid of the query string</a>
<span class="sourceLineNo">176</span><a id="line.176"> uri = uri.substring(0, queryStartIndex);</a>
<span class="sourceLineNo">177</span><a id="line.177"> }</a>
<span class="sourceLineNo">178</span><a id="line.178"></a>
<span class="sourceLineNo">179</span><a id="line.179"> int index = uri.indexOf(';'); //now check for path segment parameters:</a>
<span class="sourceLineNo">180</span><a id="line.180"> if (index &lt; 0) {</a>
<span class="sourceLineNo">181</span><a id="line.181"> //no path segment params - return:</a>
<span class="sourceLineNo">182</span><a id="line.182"> return null;</a>
<span class="sourceLineNo">183</span><a id="line.183"> }</a>
<span class="sourceLineNo">184</span><a id="line.184"></a>
<span class="sourceLineNo">185</span><a id="line.185"> //there are path segment params, let's get the last one that may exist:</a>
<span class="sourceLineNo">186</span><a id="line.186"></a>
<span class="sourceLineNo">187</span><a id="line.187"> final String TOKEN = paramName + "=";</a>
<span class="sourceLineNo">188</span><a id="line.188"></a>
<span class="sourceLineNo">189</span><a id="line.189"> uri = uri.substring(index+1); //uri now contains only the path segment params</a>
<span class="sourceLineNo">190</span><a id="line.190"></a>
<span class="sourceLineNo">191</span><a id="line.191"> //we only care about the last JSESSIONID param:</a>
<span class="sourceLineNo">192</span><a id="line.192"> index = uri.lastIndexOf(TOKEN);</a>
<span class="sourceLineNo">193</span><a id="line.193"> if (index &lt; 0) {</a>
<span class="sourceLineNo">194</span><a id="line.194"> //no segment param:</a>
<span class="sourceLineNo">195</span><a id="line.195"> return null;</a>
<span class="sourceLineNo">196</span><a id="line.196"> }</a>
<span class="sourceLineNo">197</span><a id="line.197"></a>
<span class="sourceLineNo">198</span><a id="line.198"> uri = uri.substring(index + TOKEN.length());</a>
<span class="sourceLineNo">199</span><a id="line.199"></a>
<span class="sourceLineNo">200</span><a id="line.200"> index = uri.indexOf(';'); //strip off any remaining segment params:</a>
<span class="sourceLineNo">201</span><a id="line.201"> if(index &gt;= 0) {</a>
<span class="sourceLineNo">202</span><a id="line.202"> uri = uri.substring(0, index);</a>
<span class="sourceLineNo">203</span><a id="line.203"> }</a>
<span class="sourceLineNo">204</span><a id="line.204"></a>
<span class="sourceLineNo">205</span><a id="line.205"> return uri; //what remains is the value</a>
<span class="sourceLineNo">206</span><a id="line.206"> }</a>
<span class="sourceLineNo">207</span><a id="line.207"></a>
<span class="sourceLineNo">208</span><a id="line.208"> //since 1.2.1</a>
<span class="sourceLineNo">209</span><a id="line.209"> private String getSessionIdName() {</a>
<span class="sourceLineNo">210</span><a id="line.210"> String name = this.sessionIdCookie != null ? this.sessionIdCookie.getName() : null;</a>
<span class="sourceLineNo">211</span><a id="line.211"> if (name == null) {</a>
<span class="sourceLineNo">212</span><a id="line.212"> name = ShiroHttpSession.DEFAULT_SESSION_ID_NAME;</a>
<span class="sourceLineNo">213</span><a id="line.213"> }</a>
<span class="sourceLineNo">214</span><a id="line.214"> return name;</a>
<span class="sourceLineNo">215</span><a id="line.215"> }</a>
<span class="sourceLineNo">216</span><a id="line.216"></a>
<span class="sourceLineNo">217</span><a id="line.217"> protected Session createExposedSession(Session session, SessionContext context) {</a>
<span class="sourceLineNo">218</span><a id="line.218"> if (!WebUtils.isWeb(context)) {</a>
<span class="sourceLineNo">219</span><a id="line.219"> return super.createExposedSession(session, context);</a>
<span class="sourceLineNo">220</span><a id="line.220"> }</a>
<span class="sourceLineNo">221</span><a id="line.221"> ServletRequest request = WebUtils.getRequest(context);</a>
<span class="sourceLineNo">222</span><a id="line.222"> ServletResponse response = WebUtils.getResponse(context);</a>
<span class="sourceLineNo">223</span><a id="line.223"> SessionKey key = new WebSessionKey(session.getId(), request, response);</a>
<span class="sourceLineNo">224</span><a id="line.224"> return new DelegatingSession(this, key);</a>
<span class="sourceLineNo">225</span><a id="line.225"> }</a>
<span class="sourceLineNo">226</span><a id="line.226"></a>
<span class="sourceLineNo">227</span><a id="line.227"> protected Session createExposedSession(Session session, SessionKey key) {</a>
<span class="sourceLineNo">228</span><a id="line.228"> if (!WebUtils.isWeb(key)) {</a>
<span class="sourceLineNo">229</span><a id="line.229"> return super.createExposedSession(session, key);</a>
<span class="sourceLineNo">230</span><a id="line.230"> }</a>
<span class="sourceLineNo">231</span><a id="line.231"></a>
<span class="sourceLineNo">232</span><a id="line.232"> ServletRequest request = WebUtils.getRequest(key);</a>
<span class="sourceLineNo">233</span><a id="line.233"> ServletResponse response = WebUtils.getResponse(key);</a>
<span class="sourceLineNo">234</span><a id="line.234"> SessionKey sessionKey = new WebSessionKey(session.getId(), request, response);</a>
<span class="sourceLineNo">235</span><a id="line.235"> return new DelegatingSession(this, sessionKey);</a>
<span class="sourceLineNo">236</span><a id="line.236"> }</a>
<span class="sourceLineNo">237</span><a id="line.237"></a>
<span class="sourceLineNo">238</span><a id="line.238"> /**</a>
<span class="sourceLineNo">239</span><a id="line.239"> * Stores the Session's ID, usually as a Cookie, to associate with future requests.</a>
<span class="sourceLineNo">240</span><a id="line.240"> *</a>
<span class="sourceLineNo">241</span><a id="line.241"> * @param session the session that was just {@link #createSession created}.</a>
<span class="sourceLineNo">242</span><a id="line.242"> */</a>
<span class="sourceLineNo">243</span><a id="line.243"> @Override</a>
<span class="sourceLineNo">244</span><a id="line.244"> protected void onStart(Session session, SessionContext context) {</a>
<span class="sourceLineNo">245</span><a id="line.245"> super.onStart(session, context);</a>
<span class="sourceLineNo">246</span><a id="line.246"></a>
<span class="sourceLineNo">247</span><a id="line.247"> if (!WebUtils.isHttp(context)) {</a>
<span class="sourceLineNo">248</span><a id="line.248"> log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +</a>
<span class="sourceLineNo">249</span><a id="line.249"> "pair. No session ID cookie will be set.");</a>
<span class="sourceLineNo">250</span><a id="line.250"> return;</a>
<span class="sourceLineNo">251</span><a id="line.251"></a>
<span class="sourceLineNo">252</span><a id="line.252"> }</a>
<span class="sourceLineNo">253</span><a id="line.253"> HttpServletRequest request = WebUtils.getHttpRequest(context);</a>
<span class="sourceLineNo">254</span><a id="line.254"> HttpServletResponse response = WebUtils.getHttpResponse(context);</a>
<span class="sourceLineNo">255</span><a id="line.255"></a>
<span class="sourceLineNo">256</span><a id="line.256"> if (isSessionIdCookieEnabled()) {</a>
<span class="sourceLineNo">257</span><a id="line.257"> Serializable sessionId = session.getId();</a>
<span class="sourceLineNo">258</span><a id="line.258"> storeSessionId(sessionId, request, response);</a>
<span class="sourceLineNo">259</span><a id="line.259"> } else {</a>
<span class="sourceLineNo">260</span><a id="line.260"> log.debug("Session ID cookie is disabled. No cookie has been set for new session with id {}", session.getId());</a>
<span class="sourceLineNo">261</span><a id="line.261"> }</a>
<span class="sourceLineNo">262</span><a id="line.262"></a>
<span class="sourceLineNo">263</span><a id="line.263"> request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);</a>
<span class="sourceLineNo">264</span><a id="line.264"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);</a>
<span class="sourceLineNo">265</span><a id="line.265"> }</a>
<span class="sourceLineNo">266</span><a id="line.266"></a>
<span class="sourceLineNo">267</span><a id="line.267"> @Override</a>
<span class="sourceLineNo">268</span><a id="line.268"> public Serializable getSessionId(SessionKey key) {</a>
<span class="sourceLineNo">269</span><a id="line.269"> Serializable id = super.getSessionId(key);</a>
<span class="sourceLineNo">270</span><a id="line.270"> if (id == null &amp;&amp; WebUtils.isWeb(key)) {</a>
<span class="sourceLineNo">271</span><a id="line.271"> ServletRequest request = WebUtils.getRequest(key);</a>
<span class="sourceLineNo">272</span><a id="line.272"> ServletResponse response = WebUtils.getResponse(key);</a>
<span class="sourceLineNo">273</span><a id="line.273"> id = getSessionId(request, response);</a>
<span class="sourceLineNo">274</span><a id="line.274"> }</a>
<span class="sourceLineNo">275</span><a id="line.275"> return id;</a>
<span class="sourceLineNo">276</span><a id="line.276"> }</a>
<span class="sourceLineNo">277</span><a id="line.277"></a>
<span class="sourceLineNo">278</span><a id="line.278"> protected Serializable getSessionId(ServletRequest request, ServletResponse response) {</a>
<span class="sourceLineNo">279</span><a id="line.279"> return getReferencedSessionId(request, response);</a>
<span class="sourceLineNo">280</span><a id="line.280"> }</a>
<span class="sourceLineNo">281</span><a id="line.281"></a>
<span class="sourceLineNo">282</span><a id="line.282"> @Override</a>
<span class="sourceLineNo">283</span><a id="line.283"> protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key) {</a>
<span class="sourceLineNo">284</span><a id="line.284"> super.onExpiration(s, ese, key);</a>
<span class="sourceLineNo">285</span><a id="line.285"> onInvalidation(key);</a>
<span class="sourceLineNo">286</span><a id="line.286"> }</a>
<span class="sourceLineNo">287</span><a id="line.287"></a>
<span class="sourceLineNo">288</span><a id="line.288"> @Override</a>
<span class="sourceLineNo">289</span><a id="line.289"> protected void onInvalidation(Session session, InvalidSessionException ise, SessionKey key) {</a>
<span class="sourceLineNo">290</span><a id="line.290"> super.onInvalidation(session, ise, key);</a>
<span class="sourceLineNo">291</span><a id="line.291"> onInvalidation(key);</a>
<span class="sourceLineNo">292</span><a id="line.292"> }</a>
<span class="sourceLineNo">293</span><a id="line.293"></a>
<span class="sourceLineNo">294</span><a id="line.294"> private void onInvalidation(SessionKey key) {</a>
<span class="sourceLineNo">295</span><a id="line.295"> ServletRequest request = WebUtils.getRequest(key);</a>
<span class="sourceLineNo">296</span><a id="line.296"> if (request != null) {</a>
<span class="sourceLineNo">297</span><a id="line.297"> request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID);</a>
<span class="sourceLineNo">298</span><a id="line.298"> }</a>
<span class="sourceLineNo">299</span><a id="line.299"> if (WebUtils.isHttp(key)) {</a>
<span class="sourceLineNo">300</span><a id="line.300"> log.debug("Referenced session was invalid. Removing session ID cookie.");</a>
<span class="sourceLineNo">301</span><a id="line.301"> removeSessionIdCookie(WebUtils.getHttpRequest(key), WebUtils.getHttpResponse(key));</a>
<span class="sourceLineNo">302</span><a id="line.302"> } else {</a>
<span class="sourceLineNo">303</span><a id="line.303"> log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response " +</a>
<span class="sourceLineNo">304</span><a id="line.304"> "pair. Session ID cookie will not be removed due to invalidated session.");</a>
<span class="sourceLineNo">305</span><a id="line.305"> }</a>
<span class="sourceLineNo">306</span><a id="line.306"> }</a>
<span class="sourceLineNo">307</span><a id="line.307"></a>
<span class="sourceLineNo">308</span><a id="line.308"> @Override</a>
<span class="sourceLineNo">309</span><a id="line.309"> protected void onStop(Session session, SessionKey key) {</a>
<span class="sourceLineNo">310</span><a id="line.310"> super.onStop(session, key);</a>
<span class="sourceLineNo">311</span><a id="line.311"> if (WebUtils.isHttp(key)) {</a>
<span class="sourceLineNo">312</span><a id="line.312"> HttpServletRequest request = WebUtils.getHttpRequest(key);</a>
<span class="sourceLineNo">313</span><a id="line.313"> HttpServletResponse response = WebUtils.getHttpResponse(key);</a>
<span class="sourceLineNo">314</span><a id="line.314"> log.debug("Session has been stopped (subject logout or explicit stop). Removing session ID cookie.");</a>
<span class="sourceLineNo">315</span><a id="line.315"> removeSessionIdCookie(request, response);</a>
<span class="sourceLineNo">316</span><a id="line.316"> } else {</a>
<span class="sourceLineNo">317</span><a id="line.317"> log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response " +</a>
<span class="sourceLineNo">318</span><a id="line.318"> "pair. Session ID cookie will not be removed due to stopped session.");</a>
<span class="sourceLineNo">319</span><a id="line.319"> }</a>
<span class="sourceLineNo">320</span><a id="line.320"> }</a>
<span class="sourceLineNo">321</span><a id="line.321"></a>
<span class="sourceLineNo">322</span><a id="line.322"> /**</a>
<span class="sourceLineNo">323</span><a id="line.323"> * This is a native session manager implementation, so this method returns {@code false} always.</a>
<span class="sourceLineNo">324</span><a id="line.324"> *</a>
<span class="sourceLineNo">325</span><a id="line.325"> * @return {@code false} always</a>
<span class="sourceLineNo">326</span><a id="line.326"> * @since 1.2</a>
<span class="sourceLineNo">327</span><a id="line.327"> */</a>
<span class="sourceLineNo">328</span><a id="line.328"> public boolean isServletContainerSessions() {</a>
<span class="sourceLineNo">329</span><a id="line.329"> return false;</a>
<span class="sourceLineNo">330</span><a id="line.330"> }</a>
<span class="sourceLineNo">331</span><a id="line.331">}</a>
</pre>
</div>
</main>
</body>
</html>