*
* @since 3.0
* $Id$
- * TODO SERVLET3
*/
public class SessionCookieConfig {
private String domain;
private boolean httpOnly;
private boolean secure;
+ /**
+ *
+ * @param domain Domain to use for session cookies generated for a
+ * {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set
+ * @param path Path to use for session cookies generated for a
+ * {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set. If null
+ * {@link ServletContext#getContextPath()} is used
+ * @param comment Comment to use for session cookies generated for a
+ * {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set
+ * @param isHttpOnly HttpOnly flag to use for session cookies generated for
+ * a {@link ServletContext} in which this
+ * {@link SessionCookieConfig} has been set
+ * @param isSecure If <code>true</code>, the cookie will always be marked
+ * as secure. If <code>false</code> the cookie will only
+ * be marked as secure if the request is secure.
+ */
public SessionCookieConfig(String domain, String path, String comment,
boolean isHttpOnly, boolean isSecure) {
this.domain = domain;
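Review bot: The `isHttpOnly` text in the added Javadoc reads as if `false` switches HttpOnly off, but configureSessionCookie in this same commit also sets the flag whenever the manager's `getUseHttpOnly()` is true. Wording that mirrors the `isSecure` entry would avoid that misreading: `If <code>true</code>, the cookie will always be marked HttpOnly. If <code>false</code>, it is marked HttpOnly only if the container is configured to do so.` The comment also opens with an empty line where the summary sentence belongs, for example `Creates the configuration applied to session cookies of a ServletContext.` The constructor body continues outside the hunk.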
import javax.servlet.ServletRequestAttributeEvent;
import javax.servlet.ServletRequestAttributeListener;
import javax.servlet.ServletResponse;
+import javax.servlet.SessionCookieConfig;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import javax.servlet.http.HttpSession;
Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
session.getIdInternal());
configureSessionCookie(cookie);
- response.addCookieInternal(cookie, manager.getUseHttpOnly());
+ response.addCookieInternal(cookie);
}
if (session != null) {
* @param cookie The JSESSIONID cookie to be configured
*/
protected void configureSessionCookie(Cookie cookie) {
+ SessionCookieConfig scc =
+ context.getServletContext().getSessionCookieConfig();
+
cookie.setMaxAge(-1);
- String contextPath = null;
- if (!connector.getEmptySessionPath() && (getContext() != null)) {
- contextPath = getContext().getEncodedPath();
+
+ if (scc != null) {
+ cookie.setComment(scc.getComment());
}
- if ((contextPath != null) && (contextPath.length() > 0)) {
- cookie.setPath(contextPath);
- } else {
- cookie.setPath("/");
+
+ if (scc != null) {
+ cookie.setDomain(scc.getDomain());
}
- if (isSecure()) {
+
+ if ((scc != null && scc.isSecure()) || isSecure()) {
cookie.setSecure(true);
}
+
+ if ((scc != null && scc.isHttpOnly()) ||
+ context.getManager().getUseHttpOnly()) {
+ cookie.setHttpOnly(true);
+ }
+
+ if (!connector.getEmptySessionPath() &&
+ scc != null && scc.getPath() != null) {
+ cookie.setPath(scc.getPath());
+ } else {
+ String contextPath = null;
+ if (!connector.getEmptySessionPath() && (getContext() != null)) {
+ contextPath = getContext().getEncodedPath();
+ }
+ if ((contextPath != null) && (contextPath.length() > 0)) {
+ cookie.setPath(contextPath);
+ } else {
+ cookie.setPath("/");
+ }
+ }
}
protected String unescape(String s) {
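Review bot: `cookie.setDomain(scc.getDomain())` runs whenever a config is present, even if the application left the domain null. If `Cookie.setDomain` lower-cases its argument, as the reference `javax.servlet.http.Cookie` does, a null domain would throw while the session cookie is being built, so guard it with `if (scc != null && scc.getDomain() != null)`. The new lines also dereference `context` directly in `context.getServletContext()` and `context.getManager()`, while the path branch further down still tests `getContext() != null`, so either that test is dead or these two calls need the same guard. Because an application-supplied domain widens the set of hosts that receive the session id, a comment such as `// null domain: cookie stays host-only` on that branch would help the next reader. The method's Javadoc begins outside the hunk.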
* Add the specified Cookie to those that will be included with
* this Response.
*
- * @param cookie Cookie to be added
- */
- public void addCookieInternal(final Cookie cookie) {
- addCookieInternal(cookie, false);
- }
-
- /**
- * Add the specified Cookie to those that will be included with
- * this Response.
- *
* @param cookie Cookie to be added
- * @param httpOnly Should the httpOnly falg be set on this cookie
*/
- public void addCookieInternal(final Cookie cookie, final boolean httpOnly) {
+ public void addCookieInternal(final Cookie cookie) {
if (isCommitted())
return;
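Review bot: Dropping the public `addCookieInternal(Cookie, boolean)` overload means HttpOnly now comes only from `cookie.isHttpOnly()`. Any caller outside this diff that passed `true` as the second argument would lose the flag if it is simply switched to the one-argument form. Such callers need `cookie.setHttpOnly(true)` before the call, which is what configureSessionCookie now does for the session cookie. The remaining Javadoc could state the contract, for example `@param cookie Cookie to be added; HttpOnly and Secure are written exactly as set on the cookie`. The same substitution is made in the two hunks that follow, and the method body continues outside this one.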
cookie.getValue(), cookie.getPath(),
cookie.getDomain(), cookie.getComment(),
cookie.getMaxAge(), cookie.getSecure(),
- httpOnly);
+ cookie.isHttpOnly());
return null;
}
});
ServerCookie.appendCookieValue
(sb, cookie.getVersion(), cookie.getName(), cookie.getValue(),
cookie.getPath(), cookie.getDomain(), cookie.getComment(),
- cookie.getMaxAge(), cookie.getSecure(), httpOnly);
+ cookie.getMaxAge(), cookie.getSecure(),
+ cookie.isHttpOnly());
}
//if we reached here, no exception, cookie is valid
// the header name is Set-Cookie for both "old" and v.1 ( RFC2109 )
new ThreadLocal<DispatchData>();
+ /**
+ * Session Cookie config
+ */
+ private SessionCookieConfig sessionCookieConfig;
+
// --------------------------------------------------------- Public Methods
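Review bot: The new `sessionCookieConfig` field is a plain field, yet it is written by `setSessionCookieConfig` and, judging by the `getSessionCookieConfig()` call added to configureSessionCookie, read on request threads when a session cookie is created. If the setter can run after the context has started serving requests, a newly installed config (including its Secure and HttpOnly choices) has no visibility guarantee across threads, so `private volatile SessionCookieConfig sessionCookieConfig;` would be safer. The Javadoc `Session Cookie config` could also say that the field stays null until the application sets one, since the cookie code depends on that null check.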
public SessionCookieConfig getSessionCookieConfig() {
- // TODO SERVLET3
- return null;
+ return sessionCookieConfig;
}
public void setSessionCookieConfig(SessionCookieConfig sessionCookieConfig) {
- // TODO SERVLET3
+ this.sessionCookieConfig = sessionCookieConfig;
}