Package me.geso.avans.session
Class DefaultWebSessionManager
java.lang.Object
me.geso.avans.session.DefaultWebSessionManager
- All Implemented Interfaces:
WebSessionManager
-
Constructor Summary
ConstructorsConstructorDescriptionDefaultWebSessionManager(javax.servlet.http.HttpServletRequest request, WebSessionStore sessionStore, SessionIDGenerator sessionIDGenerator, SessionCookieFactory sessionCookieFactory, XSRFTokenCookieFactory xsrfTokenCookieFactory) -
Method Summary
Modifier and TypeMethodDescriptionvoidChange session ID.
This method is required for defending from session fixation attack.voidexpire()Expire current session.Get Long value from current Session.Get sesion IDGet String value from current session.voidRemove data from the storage.voidresponseFilter(me.geso.webscrew.response.WebResponse response) This method may inject Cookie header to the session object.voidSetLongvalue to the current session.voidSet String value to current session.booleanvalidateXSRFToken(String xsrfToken) Validate xsrf token.
-
Constructor Details
-
DefaultWebSessionManager
public DefaultWebSessionManager(javax.servlet.http.HttpServletRequest request, WebSessionStore sessionStore, SessionIDGenerator sessionIDGenerator, SessionCookieFactory sessionCookieFactory, XSRFTokenCookieFactory xsrfTokenCookieFactory)
-
-
Method Details
-
getSessionId
Description copied from interface:WebSessionManagerGet sesion ID- Specified by:
getSessionIdin interfaceWebSessionManager
-
setString
Description copied from interface:WebSessionManagerSet String value to current session.- Specified by:
setStringin interfaceWebSessionManager
-
setLong
Description copied from interface:WebSessionManagerSetLongvalue to the current session.- Specified by:
setLongin interfaceWebSessionManager
-
getString
Description copied from interface:WebSessionManagerGet String value from current session.- Specified by:
getStringin interfaceWebSessionManager- Returns:
-
getLong
Description copied from interface:WebSessionManagerGet Long value from current Session.- Specified by:
getLongin interfaceWebSessionManager- Returns:
-
remove
Description copied from interface:WebSessionManagerRemove data from the storage.- Specified by:
removein interfaceWebSessionManager
-
validateXSRFToken
Validate xsrf token.- Specified by:
validateXSRFTokenin interfaceWebSessionManager- Parameters:
xsrfToken- xsrf token from http servlet request. This value is nullable.- Returns:
- true if the xsrf token is valid or session doesn't have a previous data. false otherwise.
-
responseFilter
public void responseFilter(me.geso.webscrew.response.WebResponse response) Description copied from interface:WebSessionManagerThis method may inject Cookie header to the session object.- Specified by:
responseFilterin interfaceWebSessionManager
-
getXSRFToken
- Specified by:
getXSRFTokenin interfaceWebSessionManager
-
expire
public void expire()Description copied from interface:WebSessionManagerExpire current session. Session manager impl will remove the data from storage.- Specified by:
expirein interfaceWebSessionManager
-
changeSessionId
public void changeSessionId()Description copied from interface:WebSessionManagerChange session ID.
This method is required for defending from session fixation attack.- Specified by:
changeSessionIdin interfaceWebSessionManager
-