import javax.servlet.ServletRequestAttributeEvent;
import javax.servlet.ServletRequestAttributeListener;
import javax.servlet.ServletResponse;
-import javax.servlet.SessionCookieConfig;
import javax.servlet.SessionTrackingMode;
import javax.servlet.http.Cookie;
import javax.servlet.http.HttpServletRequest;
import org.apache.catalina.Realm;
import org.apache.catalina.Session;
import org.apache.catalina.Wrapper;
+import org.apache.catalina.core.ApplicationSessionCookieConfig;
import org.apache.catalina.core.AsyncContextImpl;
import org.apache.catalina.realm.GenericPrincipal;
import org.apache.catalina.util.Enumerator;
&& getContext().getServletContext().
getEffectiveSessionTrackingModes().contains(
SessionTrackingMode.COOKIE)) {
- Cookie cookie = new Cookie(Globals.SESSION_COOKIE_NAME,
- session.getIdInternal());
- configureSessionCookie(cookie);
+ Cookie cookie =
+ ApplicationSessionCookieConfig.createSessionCookie(
+ context.getServletContext().getSessionCookieConfig(),
+ session.getIdInternal(),
+ isSecure(),
+ context.getUseHttpOnly(),
+ connector.getEmptySessionPath(),
+ context.getEncodedPath());
+
response.addCookieInternal(cookie);
}
}
- /**
- * Configures the given JSESSIONID cookie.
- *
- * @param cookie The JSESSIONID cookie to be configured
- */
- protected void configureSessionCookie(Cookie cookie) {
- SessionCookieConfig scc =
- context.getServletContext().getSessionCookieConfig();
-
- cookie.setMaxAge(-1);
-
- if (scc != null) {
- cookie.setComment(scc.getComment());
- }
-
- if (scc != null) {
- cookie.setDomain(scc.getDomain());
- }
-
- if ((scc != null && scc.isSecure()) || isSecure()) {
- cookie.setSecure(true);
- }
-
- if ((scc != null && scc.isHttpOnly()) ||
- context.getUseHttpOnly()) {
- cookie.setHttpOnly(true);
- }
-
- if (!connector.getEmptySessionPath() &&
- scc != null && scc.getPath() != null) {
- cookie.setPath(scc.getPath());
- } else {
- String contextPath = null;
- if (!connector.getEmptySessionPath() && (getContext() != null)) {
- contextPath = getContext().getEncodedPath();
- }
- if ((contextPath != null) && (contextPath.length() > 0)) {
- cookie.setPath(contextPath);
- } else {
- cookie.setPath("/");
- }
- }
- }
-
protected String unescape(String s) {
if (s==null) return null;
if (s.indexOf('\\') == -1) return s;
/**
* Session Cookie config
*/
- private SessionCookieConfig sessionCookieConfig;
+ private SessionCookieConfig sessionCookieConfig =
+ new ApplicationSessionCookieConfig();
/**
* Session tracking modes
--- /dev/null
+/*
+ * Licensed to the Apache Software Foundation (ASF) under one or more
+ * contributor license agreements. See the NOTICE file distributed with
+ * this work for additional information regarding copyright ownership.
+ * The ASF licenses this file to You under the Apache License, Version 2.0
+ * (the "License"); you may not use this file except in compliance with
+ * the License. You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+
+package org.apache.catalina.core;
+
+import javax.servlet.SessionCookieConfig;
+import javax.servlet.http.Cookie;
+
+import org.apache.catalina.Globals;
+
+public class ApplicationSessionCookieConfig implements SessionCookieConfig {
+
+ private boolean httpOnly;
+ private boolean secure;
+ private int maxAge = -1;
+ private String comment;
+ private String domain;
+ private String name;
+ private String path;
+
+ @Override
+ public String getComment() {
+ return comment;
+ }
+
+ @Override
+ public String getDomain() {
+ return domain;
+ }
+
+ @Override
+ public int getMaxAge() {
+ return maxAge;
+ }
+
+ @Override
+ public String getName() {
+ return name;
+ }
+
+ @Override
+ public String getPath() {
+ return path;
+ }
+
+ @Override
+ public boolean isHttpOnly() {
+ return httpOnly;
+ }
+
+ @Override
+ public boolean isSecure() {
+ return secure;
+ }
+
+ @Override
+ public void setComment(String comment) {
+ this.comment = comment;
+ }
+
+ @Override
+ public void setDomain(String domain) {
+ this.domain = domain;
+ }
+
+ @Override
+ public void setHttpOnly(boolean httpOnly) {
+ this.httpOnly = httpOnly;
+ }
+
+ @Override
+ public void setMaxAge(int maxAge) {
+ this.maxAge = maxAge;
+ }
+
+ @Override
+ public void setName(String name) {
+ this.name = name;
+ }
+
+ @Override
+ public void setPath(String path) {
+ this.path = path;
+ }
+
+ @Override
+ public void setSecure(boolean secure) {
+ this.secure = secure;
+ }
+
+ /**
+ * Creates a new session cookie for the given session ID
+ *
+ * @param scc The default session cookie configuration
+ * @param sessionId The ID of the session for which the cookie will be
+ * created
+ * @param secure Should session cookie be configured as secure
+ * @param httpOnly Should session cookie be configured as httpOnly
+ * @param emptyPath Should session cookie be configured with empty path
+ * @param contextPath Context path to use if required
+ */
+ public static Cookie createSessionCookie(SessionCookieConfig scc,
+ String sessionId, boolean secure, boolean httpOnly,
+ boolean emptyPath, String contextPath) {
+
+ // Session config can over-ride default name
+ String cookieName = scc.getName();
+ if (cookieName == null) {
+ cookieName = Globals.SESSION_COOKIE_NAME;
+ }
+ Cookie cookie = new Cookie(cookieName, sessionId);
+
+ // Just apply the defaults.
+ cookie.setMaxAge(scc.getMaxAge());
+ cookie.setComment(scc.getComment());
+ // Avoid possible NPE
+ if (scc.getDomain() != null) {
+ cookie.setDomain(scc.getDomain());
+ }
+
+ // Always set secure if the request is secure
+ if (scc.isSecure() || secure) {
+ cookie.setSecure(true);
+ }
+
+ // Always set httpOnly if the context is configured for that
+ if (scc.isHttpOnly() || httpOnly) {
+ cookie.setHttpOnly(true);
+ }
+
+ // Don't set the path if the connector is configured to over-ride
+ if (!emptyPath && scc.getPath() != null) {
+ cookie.setPath(scc.getPath());
+ } else {
+ if (!emptyPath && contextPath != null && (contextPath.length() > 0)) {
+ cookie.setPath(contextPath);
+ } else {
+ cookie.setPath("/");
+ }
+ }
+ return cookie;
+ }
+
+
+}
import org.apache.catalina.Container;
import org.apache.catalina.Context;
import org.apache.catalina.Engine;
-import org.apache.catalina.Globals;
import org.apache.catalina.Host;
import org.apache.catalina.Lifecycle;
import org.apache.catalina.LifecycleException;
import org.apache.catalina.ha.session.DeltaSession;
import org.apache.catalina.connector.Request;
import org.apache.catalina.connector.Response;
+import org.apache.catalina.core.ApplicationSessionCookieConfig;
import org.apache.catalina.session.ManagerBase;
import org.apache.catalina.session.PersistentManager;
import org.apache.catalina.util.LifecycleSupport;
}
/**
- * Sets a new cookie for the given session id and response and see
- * {@link org.apache.catalina.connector.Request#configureSessionCookie(javax.servlet.http.Cookie)}
+ * Sets a new cookie for the given session id and response
*
* @param request current request
* @param response Tomcat Response
if (context.getServletContext().getEffectiveSessionTrackingModes()
.contains(SessionTrackingMode.COOKIE)) {
// set a new session cookie
- Cookie newCookie = new Cookie(Globals.SESSION_COOKIE_NAME,
- sessionId);
- newCookie.setMaxAge(-1);
- String contextPath = null;
- if (!response.getConnector().getEmptySessionPath()
- && (context != null)) {
- contextPath = context.getEncodedPath();
- }
- if ((contextPath != null) && (contextPath.length() > 0)) {
- newCookie.setPath(contextPath);
- } else {
- newCookie.setPath("/");
- }
- if (request.isSecure()) {
- newCookie.setSecure(true);
- }
+ Cookie newCookie =
+ ApplicationSessionCookieConfig.createSessionCookie(
+ context.getServletContext().getSessionCookieConfig(),
+ sessionId,
+ request.isSecure(),
+ context.getUseHttpOnly(),
+ response.getConnector().getEmptySessionPath(),
+ context.getEncodedPath());
+
if (log.isDebugEnabled()) {
log.debug(sm.getString("jvmRoute.newSessionCookie",
- sessionId, Globals.SESSION_COOKIE_NAME, newCookie
- .getPath(), new Boolean(newCookie
- .getSecure())));
+ sessionId, newCookie.getName(), newCookie.getPath(),
+ Boolean.valueOf(newCookie.getSecure()),
+ Boolean.valueOf(newCookie.isHttpOnly())));
}
response.addCookie(newCookie);
}
jvmRoute.listener.stopped=SessionID Binder Listener stopped
jvmRoute.lostSession=Lost Session [{0}] at path [{1}]
jvmRoute.missingJvmRouteAttribute=No engine jvmRoute attribute configured!
-jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}]
+jvmRoute.newSessionCookie=Setting cookie with session id [{0}] name: [{1}] path: [{2}] secure: [{3}] httpOnly: [{4}]
jvmRoute.noCluster=The JvmRouterBinderValve is configured, but clustering is not being used. Fail over will still work, providing a PersistentManager is used.
jvmRoute.notFoundManager=Not found Cluster DeltaManager {0} at {1}
jvmRoute.receiveMessage.sessionIDChanged=Cluster JvmRouteSessionIDBinderListener received orginal session ID [{0}] set to new id [{1}] for context path [{2}]
jvmRoute.listener.stopped = Parado Oyente Ligador de SessionID
jvmRoute.lostSession = Perdida Sesi\u00F3n [{0}] en ruta [{1}]
jvmRoute.missingJvmRouteAttribute = \u00A1No se ha configurado atributo de motor jvmRoute\!
-jvmRoute.newSessionCookie = Poniendo cookie con id de sesi\u00F3n [{0}] nombre\: [{1}] ruta\: [{2}] seguro\: [{3}]
+jvmRoute.newSessionCookie = Poniendo cookie con id de sesi\u00F3n [{0}] nombre\: [{1}] ruta\: [{2}] seguro\: [{3}] httpOnly\: [{4}]
jvmRoute.notFoundManager = No hallado Cl\u00FAster DeltaManager {0} en {1}
jvmRoute.receiveMessage.sessionIDChanged = Cl\u00FAster JvmRouteSessionIDBinderListener recibi\u00F3 ID original de sesi\u00F3n [{0}] puesto a nuevo id [{1}] para la ruta de contexto [{2}]
jvmRoute.run.already = receptor jvmRoute SessionID ya ejecutado
projects / tomcat7.0 / commitdiff