Google Git
Sign in
apache / shiro-site / 01016f43374d9b054f3ea1e568b015d5d69428f9 / . / src / site / assets / static / 1.9.1 / shiro-web / apidocs / src-html / org / apache / shiro / web / session / mgt / DefaultWebSessionManager.html
blob: 618398fdb3fbaea190fa62ca47fbfd2ea2e200fd [file] [log] [blame]
<!DOCTYPE HTML>
<html lang="en">
<head>
<title>Source code</title>
<link rel="stylesheet" type="text/css" href="../../../../../../../stylesheet.css" title="Style">
</head>
<body>
<main role="main">
<div class="sourceContainer">
<pre><span class="sourceLineNo">001</span><a id="line.1">/*</a>
<span class="sourceLineNo">002</span><a id="line.2"> * Licensed to the Apache Software Foundation (ASF) under one</a>
<span class="sourceLineNo">003</span><a id="line.3"> * or more contributor license agreements. See the NOTICE file</a>
<span class="sourceLineNo">004</span><a id="line.4"> * distributed with this work for additional information</a>
<span class="sourceLineNo">005</span><a id="line.5"> * regarding copyright ownership. The ASF licenses this file</a>
<span class="sourceLineNo">006</span><a id="line.6"> * to you under the Apache License, Version 2.0 (the</a>
<span class="sourceLineNo">007</span><a id="line.7"> * "License"); you may not use this file except in compliance</a>
<span class="sourceLineNo">008</span><a id="line.8"> * with the License. You may obtain a copy of the License at</a>
<span class="sourceLineNo">009</span><a id="line.9"> *</a>
<span class="sourceLineNo">010</span><a id="line.10"> * http://www.apache.org/licenses/LICENSE-2.0</a>
<span class="sourceLineNo">011</span><a id="line.11"> *</a>
<span class="sourceLineNo">012</span><a id="line.12"> * Unless required by applicable law or agreed to in writing,</a>
<span class="sourceLineNo">013</span><a id="line.13"> * software distributed under the License is distributed on an</a>
<span class="sourceLineNo">014</span><a id="line.14"> * "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY</a>
<span class="sourceLineNo">015</span><a id="line.15"> * KIND, either express or implied. See the License for the</a>
<span class="sourceLineNo">016</span><a id="line.16"> * specific language governing permissions and limitations</a>
<span class="sourceLineNo">017</span><a id="line.17"> * under the License.</a>
<span class="sourceLineNo">018</span><a id="line.18"> */</a>
<span class="sourceLineNo">019</span><a id="line.19">package org.apache.shiro.web.session.mgt;</a>
<span class="sourceLineNo">020</span><a id="line.20"></a>
<span class="sourceLineNo">021</span><a id="line.21">import org.apache.shiro.session.ExpiredSessionException;</a>
<span class="sourceLineNo">022</span><a id="line.22">import org.apache.shiro.session.InvalidSessionException;</a>
<span class="sourceLineNo">023</span><a id="line.23">import org.apache.shiro.session.Session;</a>
<span class="sourceLineNo">024</span><a id="line.24">import org.apache.shiro.session.mgt.DefaultSessionManager;</a>
<span class="sourceLineNo">025</span><a id="line.25">import org.apache.shiro.session.mgt.DelegatingSession;</a>
<span class="sourceLineNo">026</span><a id="line.26">import org.apache.shiro.session.mgt.SessionContext;</a>
<span class="sourceLineNo">027</span><a id="line.27">import org.apache.shiro.session.mgt.SessionKey;</a>
<span class="sourceLineNo">028</span><a id="line.28">import org.apache.shiro.web.servlet.Cookie;</a>
<span class="sourceLineNo">029</span><a id="line.29">import org.apache.shiro.web.servlet.ShiroHttpServletRequest;</a>
<span class="sourceLineNo">030</span><a id="line.30">import org.apache.shiro.web.servlet.ShiroHttpSession;</a>
<span class="sourceLineNo">031</span><a id="line.31">import org.apache.shiro.web.servlet.SimpleCookie;</a>
<span class="sourceLineNo">032</span><a id="line.32">import org.apache.shiro.web.util.WebUtils;</a>
<span class="sourceLineNo">033</span><a id="line.33">import org.slf4j.Logger;</a>
<span class="sourceLineNo">034</span><a id="line.34">import org.slf4j.LoggerFactory;</a>
<span class="sourceLineNo">035</span><a id="line.35"></a>
<span class="sourceLineNo">036</span><a id="line.36">import javax.servlet.ServletRequest;</a>
<span class="sourceLineNo">037</span><a id="line.37">import javax.servlet.ServletResponse;</a>
<span class="sourceLineNo">038</span><a id="line.38">import javax.servlet.http.HttpServletRequest;</a>
<span class="sourceLineNo">039</span><a id="line.39">import javax.servlet.http.HttpServletResponse;</a>
<span class="sourceLineNo">040</span><a id="line.40">import java.io.Serializable;</a>
<span class="sourceLineNo">041</span><a id="line.41"></a>
<span class="sourceLineNo">042</span><a id="line.42"></a>
<span class="sourceLineNo">043</span><a id="line.43">/**</a>
<span class="sourceLineNo">044</span><a id="line.44"> * Web-application capable {@link org.apache.shiro.session.mgt.SessionManager SessionManager} implementation.</a>
<span class="sourceLineNo">045</span><a id="line.45"> *</a>
<span class="sourceLineNo">046</span><a id="line.46"> * @since 0.9</a>
<span class="sourceLineNo">047</span><a id="line.47"> */</a>
<span class="sourceLineNo">048</span><a id="line.48">public class DefaultWebSessionManager extends DefaultSessionManager implements WebSessionManager {</a>
<span class="sourceLineNo">049</span><a id="line.49"></a>
<span class="sourceLineNo">050</span><a id="line.50"> private static final Logger log = LoggerFactory.getLogger(DefaultWebSessionManager.class);</a>
<span class="sourceLineNo">051</span><a id="line.51"></a>
<span class="sourceLineNo">052</span><a id="line.52"> private Cookie sessionIdCookie;</a>
<span class="sourceLineNo">053</span><a id="line.53"> private boolean sessionIdCookieEnabled;</a>
<span class="sourceLineNo">054</span><a id="line.54"> private boolean sessionIdUrlRewritingEnabled;</a>
<span class="sourceLineNo">055</span><a id="line.55"></a>
<span class="sourceLineNo">056</span><a id="line.56"> public DefaultWebSessionManager() {</a>
<span class="sourceLineNo">057</span><a id="line.57"> Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);</a>
<span class="sourceLineNo">058</span><a id="line.58"> cookie.setHttpOnly(true); //more secure, protects against XSS attacks</a>
<span class="sourceLineNo">059</span><a id="line.59"> this.sessionIdCookie = cookie;</a>
<span class="sourceLineNo">060</span><a id="line.60"> this.sessionIdCookieEnabled = true;</a>
<span class="sourceLineNo">061</span><a id="line.61"> this.sessionIdUrlRewritingEnabled = false;</a>
<span class="sourceLineNo">062</span><a id="line.62"> }</a>
<span class="sourceLineNo">063</span><a id="line.63"></a>
<span class="sourceLineNo">064</span><a id="line.64"> public Cookie getSessionIdCookie() {</a>
<span class="sourceLineNo">065</span><a id="line.65"> return sessionIdCookie;</a>
<span class="sourceLineNo">066</span><a id="line.66"> }</a>
<span class="sourceLineNo">067</span><a id="line.67"></a>
<span class="sourceLineNo">068</span><a id="line.68"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">069</span><a id="line.69"> public void setSessionIdCookie(Cookie sessionIdCookie) {</a>
<span class="sourceLineNo">070</span><a id="line.70"> this.sessionIdCookie = sessionIdCookie;</a>
<span class="sourceLineNo">071</span><a id="line.71"> }</a>
<span class="sourceLineNo">072</span><a id="line.72"></a>
<span class="sourceLineNo">073</span><a id="line.73"> public boolean isSessionIdCookieEnabled() {</a>
<span class="sourceLineNo">074</span><a id="line.74"> return sessionIdCookieEnabled;</a>
<span class="sourceLineNo">075</span><a id="line.75"> }</a>
<span class="sourceLineNo">076</span><a id="line.76"></a>
<span class="sourceLineNo">077</span><a id="line.77"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">078</span><a id="line.78"> public void setSessionIdCookieEnabled(boolean sessionIdCookieEnabled) {</a>
<span class="sourceLineNo">079</span><a id="line.79"> this.sessionIdCookieEnabled = sessionIdCookieEnabled;</a>
<span class="sourceLineNo">080</span><a id="line.80"> }</a>
<span class="sourceLineNo">081</span><a id="line.81"></a>
<span class="sourceLineNo">082</span><a id="line.82"> public boolean isSessionIdUrlRewritingEnabled() {</a>
<span class="sourceLineNo">083</span><a id="line.83"> return sessionIdUrlRewritingEnabled;</a>
<span class="sourceLineNo">084</span><a id="line.84"> }</a>
<span class="sourceLineNo">085</span><a id="line.85"></a>
<span class="sourceLineNo">086</span><a id="line.86"> @SuppressWarnings({"UnusedDeclaration"})</a>
<span class="sourceLineNo">087</span><a id="line.87"> public void setSessionIdUrlRewritingEnabled(boolean sessionIdUrlRewritingEnabled) {</a>
<span class="sourceLineNo">088</span><a id="line.88"> this.sessionIdUrlRewritingEnabled = sessionIdUrlRewritingEnabled;</a>
<span class="sourceLineNo">089</span><a id="line.89"> }</a>
<span class="sourceLineNo">090</span><a id="line.90"></a>
<span class="sourceLineNo">091</span><a id="line.91"> private void storeSessionId(Serializable currentId, HttpServletRequest request, HttpServletResponse response) {</a>
<span class="sourceLineNo">092</span><a id="line.92"> if (currentId == null) {</a>
<span class="sourceLineNo">093</span><a id="line.93"> String msg = "sessionId cannot be null when persisting for subsequent requests.";</a>
<span class="sourceLineNo">094</span><a id="line.94"> throw new IllegalArgumentException(msg);</a>
<span class="sourceLineNo">095</span><a id="line.95"> }</a>
<span class="sourceLineNo">096</span><a id="line.96"> Cookie template = getSessionIdCookie();</a>
<span class="sourceLineNo">097</span><a id="line.97"> Cookie cookie = new SimpleCookie(template);</a>
<span class="sourceLineNo">098</span><a id="line.98"> String idString = currentId.toString();</a>
<span class="sourceLineNo">099</span><a id="line.99"> cookie.setValue(idString);</a>
<span class="sourceLineNo">100</span><a id="line.100"> cookie.saveTo(request, response);</a>
<span class="sourceLineNo">101</span><a id="line.101"> log.trace("Set session ID cookie for session with id {}", idString);</a>
<span class="sourceLineNo">102</span><a id="line.102"> }</a>
<span class="sourceLineNo">103</span><a id="line.103"></a>
<span class="sourceLineNo">104</span><a id="line.104"> private void removeSessionIdCookie(HttpServletRequest request, HttpServletResponse response) {</a>
<span class="sourceLineNo">105</span><a id="line.105"> getSessionIdCookie().removeFrom(request, response);</a>
<span class="sourceLineNo">106</span><a id="line.106"> }</a>
<span class="sourceLineNo">107</span><a id="line.107"></a>
<span class="sourceLineNo">108</span><a id="line.108"> private String getSessionIdCookieValue(ServletRequest request, ServletResponse response) {</a>
<span class="sourceLineNo">109</span><a id="line.109"> if (!isSessionIdCookieEnabled()) {</a>
<span class="sourceLineNo">110</span><a id="line.110"> log.debug("Session ID cookie is disabled - session id will not be acquired from a request cookie.");</a>
<span class="sourceLineNo">111</span><a id="line.111"> return null;</a>
<span class="sourceLineNo">112</span><a id="line.112"> }</a>
<span class="sourceLineNo">113</span><a id="line.113"> if (!(request instanceof HttpServletRequest)) {</a>
<span class="sourceLineNo">114</span><a id="line.114"> log.debug("Current request is not an HttpServletRequest - cannot get session ID cookie. Returning null.");</a>
<span class="sourceLineNo">115</span><a id="line.115"> return null;</a>
<span class="sourceLineNo">116</span><a id="line.116"> }</a>
<span class="sourceLineNo">117</span><a id="line.117"> HttpServletRequest httpRequest = (HttpServletRequest) request;</a>
<span class="sourceLineNo">118</span><a id="line.118"> return getSessionIdCookie().readValue(httpRequest, WebUtils.toHttp(response));</a>
<span class="sourceLineNo">119</span><a id="line.119"> }</a>
<span class="sourceLineNo">120</span><a id="line.120"></a>
<span class="sourceLineNo">121</span><a id="line.121"> private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {</a>
<span class="sourceLineNo">122</span><a id="line.122"></a>
<span class="sourceLineNo">123</span><a id="line.123"> String id = getSessionIdCookieValue(request, response);</a>
<span class="sourceLineNo">124</span><a id="line.124"> if (id != null) {</a>
<span class="sourceLineNo">125</span><a id="line.125"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,</a>
<span class="sourceLineNo">126</span><a id="line.126"> ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);</a>
<span class="sourceLineNo">127</span><a id="line.127"> } else {</a>
<span class="sourceLineNo">128</span><a id="line.128"> //not in a cookie, or cookie is disabled - try the request URI as a fallback (i.e. due to URL rewriting):</a>
<span class="sourceLineNo">129</span><a id="line.129"></a>
<span class="sourceLineNo">130</span><a id="line.130"> //try the URI path segment parameters first:</a>
<span class="sourceLineNo">131</span><a id="line.131"> id = getUriPathSegmentParamValue(request, ShiroHttpSession.DEFAULT_SESSION_ID_NAME);</a>
<span class="sourceLineNo">132</span><a id="line.132"></a>
<span class="sourceLineNo">133</span><a id="line.133"> if (id == null &amp;&amp; request instanceof HttpServletRequest) {</a>
<span class="sourceLineNo">134</span><a id="line.134"> //not a URI path segment parameter, try the query parameters:</a>
<span class="sourceLineNo">135</span><a id="line.135"> String name = getSessionIdName();</a>
<span class="sourceLineNo">136</span><a id="line.136"> HttpServletRequest httpServletRequest = WebUtils.toHttp(request);</a>
<span class="sourceLineNo">137</span><a id="line.137"> String queryString = httpServletRequest.getQueryString();</a>
<span class="sourceLineNo">138</span><a id="line.138"> if (queryString != null &amp;&amp; queryString.contains(name)) {</a>
<span class="sourceLineNo">139</span><a id="line.139"> id = request.getParameter(name);</a>
<span class="sourceLineNo">140</span><a id="line.140"> }</a>
<span class="sourceLineNo">141</span><a id="line.141"> if (id == null &amp;&amp; queryString != null &amp;&amp; queryString.contains(name.toLowerCase())) {</a>
<span class="sourceLineNo">142</span><a id="line.142"> //try lowercase:</a>
<span class="sourceLineNo">143</span><a id="line.143"> id = request.getParameter(name.toLowerCase());</a>
<span class="sourceLineNo">144</span><a id="line.144"> }</a>
<span class="sourceLineNo">145</span><a id="line.145"> }</a>
<span class="sourceLineNo">146</span><a id="line.146"> if (id != null) {</a>
<span class="sourceLineNo">147</span><a id="line.147"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,</a>
<span class="sourceLineNo">148</span><a id="line.148"> ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);</a>
<span class="sourceLineNo">149</span><a id="line.149"> }</a>
<span class="sourceLineNo">150</span><a id="line.150"> }</a>
<span class="sourceLineNo">151</span><a id="line.151"> if (id != null) {</a>
<span class="sourceLineNo">152</span><a id="line.152"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);</a>
<span class="sourceLineNo">153</span><a id="line.153"> //automatically mark it valid here. If it is invalid, the</a>
<span class="sourceLineNo">154</span><a id="line.154"> //onUnknownSession method below will be invoked and we'll remove the attribute at that time.</a>
<span class="sourceLineNo">155</span><a id="line.155"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);</a>
<span class="sourceLineNo">156</span><a id="line.156"> }</a>
<span class="sourceLineNo">157</span><a id="line.157"></a>
<span class="sourceLineNo">158</span><a id="line.158"> // always set rewrite flag - SHIRO-361</a>
<span class="sourceLineNo">159</span><a id="line.159"> request.setAttribute(ShiroHttpServletRequest.SESSION_ID_URL_REWRITING_ENABLED, isSessionIdUrlRewritingEnabled());</a>
<span class="sourceLineNo">160</span><a id="line.160"></a>
<span class="sourceLineNo">161</span><a id="line.161"> return id;</a>
<span class="sourceLineNo">162</span><a id="line.162"> }</a>
<span class="sourceLineNo">163</span><a id="line.163"></a>
<span class="sourceLineNo">164</span><a id="line.164"> //SHIRO-351</a>
<span class="sourceLineNo">165</span><a id="line.165"> //also see http://cdivilly.wordpress.com/2011/04/22/java-servlets-uri-parameters/</a>
<span class="sourceLineNo">166</span><a id="line.166"> //since 1.2.2</a>
<span class="sourceLineNo">167</span><a id="line.167"> private String getUriPathSegmentParamValue(ServletRequest servletRequest, String paramName) {</a>
<span class="sourceLineNo">168</span><a id="line.168"></a>
<span class="sourceLineNo">169</span><a id="line.169"> if (!(servletRequest instanceof HttpServletRequest)) {</a>
<span class="sourceLineNo">170</span><a id="line.170"> return null;</a>
<span class="sourceLineNo">171</span><a id="line.171"> }</a>
<span class="sourceLineNo">172</span><a id="line.172"> HttpServletRequest request = (HttpServletRequest)servletRequest;</a>
<span class="sourceLineNo">173</span><a id="line.173"> String uri = request.getRequestURI();</a>
<span class="sourceLineNo">174</span><a id="line.174"> if (uri == null) {</a>
<span class="sourceLineNo">175</span><a id="line.175"> return null;</a>
<span class="sourceLineNo">176</span><a id="line.176"> }</a>
<span class="sourceLineNo">177</span><a id="line.177"></a>
<span class="sourceLineNo">178</span><a id="line.178"> int queryStartIndex = uri.indexOf('?');</a>
<span class="sourceLineNo">179</span><a id="line.179"> if (queryStartIndex &gt;= 0) { //get rid of the query string</a>
<span class="sourceLineNo">180</span><a id="line.180"> uri = uri.substring(0, queryStartIndex);</a>
<span class="sourceLineNo">181</span><a id="line.181"> }</a>
<span class="sourceLineNo">182</span><a id="line.182"></a>
<span class="sourceLineNo">183</span><a id="line.183"> int index = uri.indexOf(';'); //now check for path segment parameters:</a>
<span class="sourceLineNo">184</span><a id="line.184"> if (index &lt; 0) {</a>
<span class="sourceLineNo">185</span><a id="line.185"> //no path segment params - return:</a>
<span class="sourceLineNo">186</span><a id="line.186"> return null;</a>
<span class="sourceLineNo">187</span><a id="line.187"> }</a>
<span class="sourceLineNo">188</span><a id="line.188"></a>
<span class="sourceLineNo">189</span><a id="line.189"> //there are path segment params, let's get the last one that may exist:</a>
<span class="sourceLineNo">190</span><a id="line.190"></a>
<span class="sourceLineNo">191</span><a id="line.191"> final String TOKEN = paramName + "=";</a>
<span class="sourceLineNo">192</span><a id="line.192"></a>
<span class="sourceLineNo">193</span><a id="line.193"> uri = uri.substring(index+1); //uri now contains only the path segment params</a>
<span class="sourceLineNo">194</span><a id="line.194"></a>
<span class="sourceLineNo">195</span><a id="line.195"> //we only care about the last JSESSIONID param:</a>
<span class="sourceLineNo">196</span><a id="line.196"> index = uri.lastIndexOf(TOKEN);</a>
<span class="sourceLineNo">197</span><a id="line.197"> if (index &lt; 0) {</a>
<span class="sourceLineNo">198</span><a id="line.198"> //no segment param:</a>
<span class="sourceLineNo">199</span><a id="line.199"> return null;</a>
<span class="sourceLineNo">200</span><a id="line.200"> }</a>
<span class="sourceLineNo">201</span><a id="line.201"></a>
<span class="sourceLineNo">202</span><a id="line.202"> uri = uri.substring(index + TOKEN.length());</a>
<span class="sourceLineNo">203</span><a id="line.203"></a>
<span class="sourceLineNo">204</span><a id="line.204"> index = uri.indexOf(';'); //strip off any remaining segment params:</a>
<span class="sourceLineNo">205</span><a id="line.205"> if(index &gt;= 0) {</a>
<span class="sourceLineNo">206</span><a id="line.206"> uri = uri.substring(0, index);</a>
<span class="sourceLineNo">207</span><a id="line.207"> }</a>
<span class="sourceLineNo">208</span><a id="line.208"></a>
<span class="sourceLineNo">209</span><a id="line.209"> return uri; //what remains is the value</a>
<span class="sourceLineNo">210</span><a id="line.210"> }</a>
<span class="sourceLineNo">211</span><a id="line.211"></a>
<span class="sourceLineNo">212</span><a id="line.212"> //since 1.2.1</a>
<span class="sourceLineNo">213</span><a id="line.213"> private String getSessionIdName() {</a>
<span class="sourceLineNo">214</span><a id="line.214"> String name = this.sessionIdCookie != null ? this.sessionIdCookie.getName() : null;</a>
<span class="sourceLineNo">215</span><a id="line.215"> if (name == null) {</a>
<span class="sourceLineNo">216</span><a id="line.216"> name = ShiroHttpSession.DEFAULT_SESSION_ID_NAME;</a>
<span class="sourceLineNo">217</span><a id="line.217"> }</a>
<span class="sourceLineNo">218</span><a id="line.218"> return name;</a>
<span class="sourceLineNo">219</span><a id="line.219"> }</a>
<span class="sourceLineNo">220</span><a id="line.220"></a>
<span class="sourceLineNo">221</span><a id="line.221"> protected Session createExposedSession(Session session, SessionContext context) {</a>
<span class="sourceLineNo">222</span><a id="line.222"> if (!WebUtils.isWeb(context)) {</a>
<span class="sourceLineNo">223</span><a id="line.223"> return super.createExposedSession(session, context);</a>
<span class="sourceLineNo">224</span><a id="line.224"> }</a>
<span class="sourceLineNo">225</span><a id="line.225"> ServletRequest request = WebUtils.getRequest(context);</a>
<span class="sourceLineNo">226</span><a id="line.226"> ServletResponse response = WebUtils.getResponse(context);</a>
<span class="sourceLineNo">227</span><a id="line.227"> SessionKey key = new WebSessionKey(session.getId(), request, response);</a>
<span class="sourceLineNo">228</span><a id="line.228"> return new DelegatingSession(this, key);</a>
<span class="sourceLineNo">229</span><a id="line.229"> }</a>
<span class="sourceLineNo">230</span><a id="line.230"></a>
<span class="sourceLineNo">231</span><a id="line.231"> protected Session createExposedSession(Session session, SessionKey key) {</a>
<span class="sourceLineNo">232</span><a id="line.232"> if (!WebUtils.isWeb(key)) {</a>
<span class="sourceLineNo">233</span><a id="line.233"> return super.createExposedSession(session, key);</a>
<span class="sourceLineNo">234</span><a id="line.234"> }</a>
<span class="sourceLineNo">235</span><a id="line.235"></a>
<span class="sourceLineNo">236</span><a id="line.236"> ServletRequest request = WebUtils.getRequest(key);</a>
<span class="sourceLineNo">237</span><a id="line.237"> ServletResponse response = WebUtils.getResponse(key);</a>
<span class="sourceLineNo">238</span><a id="line.238"> SessionKey sessionKey = new WebSessionKey(session.getId(), request, response);</a>
<span class="sourceLineNo">239</span><a id="line.239"> return new DelegatingSession(this, sessionKey);</a>
<span class="sourceLineNo">240</span><a id="line.240"> }</a>
<span class="sourceLineNo">241</span><a id="line.241"></a>
<span class="sourceLineNo">242</span><a id="line.242"> /**</a>
<span class="sourceLineNo">243</span><a id="line.243"> * Stores the Session's ID, usually as a Cookie, to associate with future requests.</a>
<span class="sourceLineNo">244</span><a id="line.244"> *</a>
<span class="sourceLineNo">245</span><a id="line.245"> * @param session the session that was just {@link #createSession created}.</a>
<span class="sourceLineNo">246</span><a id="line.246"> */</a>
<span class="sourceLineNo">247</span><a id="line.247"> @Override</a>
<span class="sourceLineNo">248</span><a id="line.248"> protected void onStart(Session session, SessionContext context) {</a>
<span class="sourceLineNo">249</span><a id="line.249"> super.onStart(session, context);</a>
<span class="sourceLineNo">250</span><a id="line.250"></a>
<span class="sourceLineNo">251</span><a id="line.251"> if (!WebUtils.isHttp(context)) {</a>
<span class="sourceLineNo">252</span><a id="line.252"> log.debug("SessionContext argument is not HTTP compatible or does not have an HTTP request/response " +</a>
<span class="sourceLineNo">253</span><a id="line.253"> "pair. No session ID cookie will be set.");</a>
<span class="sourceLineNo">254</span><a id="line.254"> return;</a>
<span class="sourceLineNo">255</span><a id="line.255"></a>
<span class="sourceLineNo">256</span><a id="line.256"> }</a>
<span class="sourceLineNo">257</span><a id="line.257"> HttpServletRequest request = WebUtils.getHttpRequest(context);</a>
<span class="sourceLineNo">258</span><a id="line.258"> HttpServletResponse response = WebUtils.getHttpResponse(context);</a>
<span class="sourceLineNo">259</span><a id="line.259"></a>
<span class="sourceLineNo">260</span><a id="line.260"> if (isSessionIdCookieEnabled()) {</a>
<span class="sourceLineNo">261</span><a id="line.261"> Serializable sessionId = session.getId();</a>
<span class="sourceLineNo">262</span><a id="line.262"> storeSessionId(sessionId, request, response);</a>
<span class="sourceLineNo">263</span><a id="line.263"> } else {</a>
<span class="sourceLineNo">264</span><a id="line.264"> log.debug("Session ID cookie is disabled. No cookie has been set for new session with id {}", session.getId());</a>
<span class="sourceLineNo">265</span><a id="line.265"> }</a>
<span class="sourceLineNo">266</span><a id="line.266"></a>
<span class="sourceLineNo">267</span><a id="line.267"> request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE);</a>
<span class="sourceLineNo">268</span><a id="line.268"> request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_IS_NEW, Boolean.TRUE);</a>
<span class="sourceLineNo">269</span><a id="line.269"> }</a>
<span class="sourceLineNo">270</span><a id="line.270"></a>
<span class="sourceLineNo">271</span><a id="line.271"> @Override</a>
<span class="sourceLineNo">272</span><a id="line.272"> public Serializable getSessionId(SessionKey key) {</a>
<span class="sourceLineNo">273</span><a id="line.273"> Serializable id = super.getSessionId(key);</a>
<span class="sourceLineNo">274</span><a id="line.274"> if (id == null &amp;&amp; WebUtils.isWeb(key)) {</a>
<span class="sourceLineNo">275</span><a id="line.275"> ServletRequest request = WebUtils.getRequest(key);</a>
<span class="sourceLineNo">276</span><a id="line.276"> ServletResponse response = WebUtils.getResponse(key);</a>
<span class="sourceLineNo">277</span><a id="line.277"> id = getSessionId(request, response);</a>
<span class="sourceLineNo">278</span><a id="line.278"> }</a>
<span class="sourceLineNo">279</span><a id="line.279"> return id;</a>
<span class="sourceLineNo">280</span><a id="line.280"> }</a>
<span class="sourceLineNo">281</span><a id="line.281"></a>
<span class="sourceLineNo">282</span><a id="line.282"> protected Serializable getSessionId(ServletRequest request, ServletResponse response) {</a>
<span class="sourceLineNo">283</span><a id="line.283"> return getReferencedSessionId(request, response);</a>
<span class="sourceLineNo">284</span><a id="line.284"> }</a>
<span class="sourceLineNo">285</span><a id="line.285"></a>
<span class="sourceLineNo">286</span><a id="line.286"> @Override</a>
<span class="sourceLineNo">287</span><a id="line.287"> protected void onExpiration(Session s, ExpiredSessionException ese, SessionKey key) {</a>
<span class="sourceLineNo">288</span><a id="line.288"> super.onExpiration(s, ese, key);</a>
<span class="sourceLineNo">289</span><a id="line.289"> onInvalidation(key);</a>
<span class="sourceLineNo">290</span><a id="line.290"> }</a>
<span class="sourceLineNo">291</span><a id="line.291"></a>
<span class="sourceLineNo">292</span><a id="line.292"> @Override</a>
<span class="sourceLineNo">293</span><a id="line.293"> protected void onInvalidation(Session session, InvalidSessionException ise, SessionKey key) {</a>
<span class="sourceLineNo">294</span><a id="line.294"> super.onInvalidation(session, ise, key);</a>
<span class="sourceLineNo">295</span><a id="line.295"> onInvalidation(key);</a>
<span class="sourceLineNo">296</span><a id="line.296"> }</a>
<span class="sourceLineNo">297</span><a id="line.297"></a>
<span class="sourceLineNo">298</span><a id="line.298"> private void onInvalidation(SessionKey key) {</a>
<span class="sourceLineNo">299</span><a id="line.299"> ServletRequest request = WebUtils.getRequest(key);</a>
<span class="sourceLineNo">300</span><a id="line.300"> if (request != null) {</a>
<span class="sourceLineNo">301</span><a id="line.301"> request.removeAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID);</a>
<span class="sourceLineNo">302</span><a id="line.302"> }</a>
<span class="sourceLineNo">303</span><a id="line.303"> if (WebUtils.isHttp(key)) {</a>
<span class="sourceLineNo">304</span><a id="line.304"> log.debug("Referenced session was invalid. Removing session ID cookie.");</a>
<span class="sourceLineNo">305</span><a id="line.305"> removeSessionIdCookie(WebUtils.getHttpRequest(key), WebUtils.getHttpResponse(key));</a>
<span class="sourceLineNo">306</span><a id="line.306"> } else {</a>
<span class="sourceLineNo">307</span><a id="line.307"> log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response " +</a>
<span class="sourceLineNo">308</span><a id="line.308"> "pair. Session ID cookie will not be removed due to invalidated session.");</a>
<span class="sourceLineNo">309</span><a id="line.309"> }</a>
<span class="sourceLineNo">310</span><a id="line.310"> }</a>
<span class="sourceLineNo">311</span><a id="line.311"></a>
<span class="sourceLineNo">312</span><a id="line.312"> @Override</a>
<span class="sourceLineNo">313</span><a id="line.313"> protected void onStop(Session session, SessionKey key) {</a>
<span class="sourceLineNo">314</span><a id="line.314"> super.onStop(session, key);</a>
<span class="sourceLineNo">315</span><a id="line.315"> if (WebUtils.isHttp(key)) {</a>
<span class="sourceLineNo">316</span><a id="line.316"> HttpServletRequest request = WebUtils.getHttpRequest(key);</a>
<span class="sourceLineNo">317</span><a id="line.317"> HttpServletResponse response = WebUtils.getHttpResponse(key);</a>
<span class="sourceLineNo">318</span><a id="line.318"> log.debug("Session has been stopped (subject logout or explicit stop). Removing session ID cookie.");</a>
<span class="sourceLineNo">319</span><a id="line.319"> removeSessionIdCookie(request, response);</a>
<span class="sourceLineNo">320</span><a id="line.320"> } else {</a>
<span class="sourceLineNo">321</span><a id="line.321"> log.debug("SessionKey argument is not HTTP compatible or does not have an HTTP request/response " +</a>
<span class="sourceLineNo">322</span><a id="line.322"> "pair. Session ID cookie will not be removed due to stopped session.");</a>
<span class="sourceLineNo">323</span><a id="line.323"> }</a>
<span class="sourceLineNo">324</span><a id="line.324"> }</a>
<span class="sourceLineNo">325</span><a id="line.325"></a>
<span class="sourceLineNo">326</span><a id="line.326"> /**</a>
<span class="sourceLineNo">327</span><a id="line.327"> * This is a native session manager implementation, so this method returns {@code false} always.</a>
<span class="sourceLineNo">328</span><a id="line.328"> *</a>
<span class="sourceLineNo">329</span><a id="line.329"> * @return {@code false} always</a>
<span class="sourceLineNo">330</span><a id="line.330"> * @since 1.2</a>
<span class="sourceLineNo">331</span><a id="line.331"> */</a>
<span class="sourceLineNo">332</span><a id="line.332"> public boolean isServletContainerSessions() {</a>
<span class="sourceLineNo">333</span><a id="line.333"> return false;</a>
<span class="sourceLineNo">334</span><a id="line.334"> }</a>
<span class="sourceLineNo">335</span><a id="line.335">}</a>
</pre>
</div>
</main>
</body>
</html>