Example 1 with Session
use of org.eclipse.jetty.server.session.Session in project blade by biezhi.
the class LoginAuthenticator method renewSession.
/* ------------------------------------------------------------ */
/** Change the session id.
* The session is changed to a new instance with a new ID if and only if:<ul>
* <li>A session exists.
* <li>The {@link AuthConfiguration#isSessionRenewedOnAuthentication()} returns true.
* <li>The session ID has been given to unauthenticated responses
* </ul>
* @param request the request
* @param response the response
* @return The new session.
*/
protected HttpSession renewSession(HttpServletRequest request, HttpServletResponse response) {
HttpSession httpSession = request.getSession(false);
if (_renewSession && httpSession != null) {
synchronized (httpSession) {
//(indicated by SESSION_SECURED not being set on the session) then we should change id
if (httpSession.getAttribute(Session.SESSION_CREATED_SECURE) != Boolean.TRUE) {
if (httpSession instanceof Session) {
Session s = (Session) httpSession;
String oldId = s.getId();
s.renewId(request);
s.setAttribute(Session.SESSION_CREATED_SECURE, Boolean.TRUE);
if (s.isIdChanged() && response != null && (response instanceof Response))
((Response) response).addCookie(s.getSessionHandler().getSessionCookie(s, request.getContextPath(), request.isSecure()));
LOG.debug("renew {}->{}", oldId, s.getId());
} else
LOG.warn("Unable to renew session " + httpSession);
return httpSession;
}
}
}
return httpSession;
}
Also used :
Response(org.eclipse.jetty.server.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HttpSession(javax.servlet.http.HttpSession)
HttpSession(javax.servlet.http.HttpSession)
Session(org.eclipse.jetty.server.session.Session)
Example 2 with Session
use of org.eclipse.jetty.server.session.Session in project jetty.project by eclipse.
the class LoginAuthenticator method renewSession.
/* ------------------------------------------------------------ */
/** Change the session id.
* The session is changed to a new instance with a new ID if and only if:<ul>
* <li>A session exists.
* <li>The {@link org.eclipse.jetty.security.Authenticator.AuthConfiguration#isSessionRenewedOnAuthentication()} returns true.
* <li>The session ID has been given to unauthenticated responses
* </ul>
* @param request the request
* @param response the response
* @return The new session.
*/
protected HttpSession renewSession(HttpServletRequest request, HttpServletResponse response) {
HttpSession httpSession = request.getSession(false);
if (_renewSession && httpSession != null) {
synchronized (httpSession) {
//(indicated by SESSION_SECURED not being set on the session) then we should change id
if (httpSession.getAttribute(Session.SESSION_CREATED_SECURE) != Boolean.TRUE) {
if (httpSession instanceof Session) {
Session s = (Session) httpSession;
String oldId = s.getId();
s.renewId(request);
s.setAttribute(Session.SESSION_CREATED_SECURE, Boolean.TRUE);
if (s.isIdChanged() && response != null && (response instanceof Response))
((Response) response).addCookie(s.getSessionHandler().getSessionCookie(s, request.getContextPath(), request.isSecure()));
LOG.debug("renew {}->{}", oldId, s.getId());
} else
LOG.warn("Unable to renew session " + httpSession);
return httpSession;
}
}
}
return httpSession;
}
Also used :
Response(org.eclipse.jetty.server.Response)
HttpServletResponse(javax.servlet.http.HttpServletResponse)
HttpSession(javax.servlet.http.HttpSession)
HttpSession(javax.servlet.http.HttpSession)
Session(org.eclipse.jetty.server.session.Session)
Example 3 with Session
use of org.eclipse.jetty.server.session.Session in project jetty.project by eclipse.
the class Request method changeSessionId.
/* ------------------------------------------------------------ */
@Override
public String changeSessionId() {
HttpSession session = getSession(false);
if (session == null)
throw new IllegalStateException("No session");
if (session instanceof Session) {
Session s = ((Session) session);
s.renewId(this);
if (getRemoteUser() != null)
s.setAttribute(Session.SESSION_CREATED_SECURE, Boolean.TRUE);
if (s.isIdChanged())
_channel.getResponse().addCookie(_sessionHandler.getSessionCookie(s, getContextPath(), isSecure()));
}
return session.getId();
}
Also used :
HttpSession(javax.servlet.http.HttpSession)
HttpSession(javax.servlet.http.HttpSession)
Session(org.eclipse.jetty.server.session.Session)
Aggregations
HttpSession (javax.servlet.http.HttpSession)3
Session (org.eclipse.jetty.server.session.Session)3
HttpServletResponse (javax.servlet.http.HttpServletResponse)2
Response (org.eclipse.jetty.server.Response)2
