Class SessionFilter
This Filter works by first examining the request as a handler. If the request contains an ID, either in the "browser cookie" or written into the URL, the session ID is extracted. In the id-in-the-url case, the ID is removed from the URL. When called later as a filter, the SessionFilter rewrites all relevent URL's in the page to incorporate the ID.
If an ID can't be found either in the cookie or URL, a couple the session creation sequence starts. First, the browser is send a "set-cookie" request along with a redirect that contains the cookie value encoded into the redirected URL. When the browser follows the redirect, the request is examined to se if the cookie value was sent. If so, the browser is redirected back to the original URL, and normal "cookie" processing takes place. If no cookie is found, the browser is redirected back to the original URL, modified to embed the ID into it, and normal URL session rewriting takes place.
The following server properties are used:
- cookie
- The name of the cookie to use (defaults to "cookie"). If the name is "none", then no cookies are used. Instead, session rewriting will occur for every session.
- session
- The name of the request property that the Session ID will be stored in, to be passed to downstream handler. The default value is "SessionID". If the session property is set, and not empty, then no processing is done.
- persist
- If set, cookies persist across browser sessions. If cookies are disabled, no persistence is available.
- cookiePrefix
- The URL prefix for which the cookie applies. Defaults to "/".
- suffix
- A regular expression that matches url suffix we process.
Defaults to
html|xml|txt
.
- gotCookie
- An id was retrieved out of a cookie header
- UrlID
- Set to the string tacked onto the end of each URL, if session ID's are managed by URL rewriting. If cookies are used, this is set to the empty string.
- Version:
- 2.4
- Author:
- Stephen Uhler
-
Field Summary
Fields -
Constructor Summary
Constructors -
Method Summary
Modifier and TypeMethodDescriptionbyte[]
filter
(Request request, MimeHeaders headers, byte[] content) Rewrite all the url's, adding the session id to the endboolean
Initializes the handler.boolean
This is called by the filterHandler before the content generation step.boolean
shouldFilter
(Request request, MimeHeaders headers) We have the results, only filter if html and we're rewriting
-
Field Details
-
session
-
cookieName
-
urlSep
-
redirectToken
-
encoding
-
persist
public boolean persist
-
-
Constructor Details
-
SessionFilter
public SessionFilter()
-
-
Method Details
-
init
Description copied from interface:Handler
Initializes the handler.- Specified by:
init
in interfaceHandler
- Parameters:
server
- The HTTP server that created thisHandler
. TypicalHandler
s will useServer.props
to obtain run-time configuration information.propsPrefix
- The handlers name. The string thisHandler
may prepend to all of the keys that it uses to extract configuration information fromServer.props
. This is set (by theServer
andChainHandler
) to help avoid configuration parameter namespace collisions.- Returns:
true
if thisHandler
initialized successfully,false
otherwise. Iffalse
is returned, thisHandler
should not be used.
-
respond
This is called by the filterHandler before the content generation step. It is responsible for extracting the session information, then (if required) restoring the URL's to their original form. It tries relatively hard to use cookies if they are available through a series or redirects.- Specified by:
respond
in interfaceHandler
- Parameters:
request
- TheRequest
object that represents the HTTP request.- Returns:
true
if the request was handled. A request was handled if a response was supplied to the client, typically by callingRequest.sendResponse()
orRequest.sendError
.- Throws:
IOException
- if there was an I/O error while sending the response to the client. Typically, in that case, theServer
will (try to) send an error message to the client and then close the client's connection.The
IOException
should not be used to silently ignore problems such as being unable to access some server-side resource (for example getting aFileNotFoundException
due to not being able to open a file). In that case, theHandler
's duty is to turn thatIOException
into a HTTP response indicating, in this case, that a file could not be found.
-
shouldFilter
We have the results, only filter if html and we're rewriting- Specified by:
shouldFilter
in interfaceFilter
- Parameters:
request
- The in-progress HTTP request.headers
- The MIME headers generated by the wrappedHandler
.- Returns:
true
if this filter would like to examine and possibly rewrite the content,false
otherwise.
-
filter
Rewrite all the url's, adding the session id to the end- Specified by:
filter
in interfaceFilter
- Parameters:
request
- The finished HTTP request.headers
- The MIME headers generated by theHandler
.content
- The output from theHandler
that thisFilter
may rewrite.- Returns:
- The rewritten content. The
Filter
may return the originalcontent
unchanged. TheFilter
may returnnull
to indicate that theFilterHandler
should stop processing the request and should not return any content to the client.
-