CookieSessionTracker (web-audit Library 0.6.3 API)

Overview

Package

Class

Use

Tree

Deprecated

Index

Help

PREV CLASS NEXT CLASS

FRAMES NO FRAMES

SUMMARY: NESTED | FIELD | CONSTR | METHOD

DETAIL: FIELD | CONSTR | METHOD

org.jwall.web.audit.session
Class CookieSessionTracker

java.lang.Object
  org.jwall.web.audit.session.AbstractSessionTracker
      org.jwall.web.audit.session.CookieSessionTracker

All Implemented Interfaces:: EventListener<AuditEvent>, AuditEventListener, SessionTracker

public class CookieSessionTracker
extends AbstractSessionTracker
extends AbstractSessionTracker

This tracker creates a session-context wrt to a specific session-cookie. Sessions are only created by events that contain a Set-Cookie header, thus this tracker is somewhat immune to session-fixation.

Author:: Christian Bockermann <chris@jwall.org>

Constructor Summary
`CookieSessionTracker(String cookieName)` This tracker creates sessions on behalf of a id sent in the request-cookie names `cookieName`.

Method Summary
`void`	`expireSession(Session s)` Expire the session as normally, but also remove the session-id from the valid-list.
`String`	`extractKey(AuditEvent evt)` This method extracts the session-id that is sent in this event within the cookie, identified by `sessionCookie`.
`String`	`toString()` This method returns a string of all events grouped by their session-id.

Methods inherited from class org.jwall.web.audit.session.AbstractSessionTracker
`eventArrived, eventsArrived, getSession, getSessions, getSessionTimeOut, isExpired, reset, setSessionTimeOut, setStrictSessions, usesStrictSessions`

Methods inherited from class java.lang.Object
`equals, getClass, hashCode, notify, notifyAll, wait, wait, wait`

Constructor Detail

CookieSessionTracker

public CookieSessionTracker(String cookieName)

This tracker creates sessions on behalf of a id sent in the request-cookie names cookieName.

Parameters:: cookieName - The name of the session-cookie.

Method Detail

extractKey

public String extractKey(AuditEvent evt)

This method extracts the session-id that is sent in this event within the cookie, identified by sessionCookie.

Specified by:: extractKey in class AbstractSessionTracker

Parameters:: evt - The AuditEvent from which the session-id is to be extracted.
Returns:: The id of the session associated with this event.

expireSession

public void expireSession(Session s)

Expire the session as normally, but also remove the session-id from the valid-list.

Parameters:: s - The session to expire.

toString

public String toString()

Description copied from class: AbstractSessionTracker

This method returns a string of all events grouped by their session-id.

Overrides:: toString in class AbstractSessionTracker

Returns:: A string holding all sessions