-
ApplicationSessionCookieConfig
-
sm: StringManager
-
httpOnly: boolean
-
secure: boolean
-
maxAge: int
-
comment: String
-
domain: String
-
name: String
-
path: String
-
context: StandardContext
-
ApplicationSessionCookieConfig(StandardContext): void
-
getComment(): String
-
getDomain(): String
-
getMaxAge(): int
-
getName(): String
-
getPath(): String
-
isHttpOnly(): boolean
-
isSecure(): boolean
-
setComment(String): void
-
setDomain(String): void
-
setHttpOnly(boolean): void
-
setMaxAge(int): void
-
setName(String): void
-
setPath(String): void
-
setSecure(boolean): void
-
createSessionCookie(Context, String, boolean): Cookie
-
https://tomcat.apache.org/: Tomcat Servlet Engine Core Classes and Standard implementations
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina.core;
import jakarta.servlet.SessionCookieConfig;
import jakarta.servlet.http.Cookie;
import org.apache.catalina.Context;
import org.apache.catalina.LifecycleState;
import org.apache.catalina.util.SessionConfig;
import org.apache.tomcat.util.res.StringManager;
public class ApplicationSessionCookieConfig implements SessionCookieConfig {
The string manager for this package.
/**
* The string manager for this package.
*/
private static final StringManager sm = StringManager
.getManager(Constants.Package);
private boolean httpOnly;
private boolean secure;
private int maxAge = -1;
private String comment;
private String domain;
private String name;
private String path;
private StandardContext context;
public ApplicationSessionCookieConfig(StandardContext context) {
this.context = context;
}
@Override
public String getComment() {
return comment;
}
@Override
public String getDomain() {
return domain;
}
@Override
public int getMaxAge() {
return maxAge;
}
@Override
public String getName() {
return name;
}
@Override
public String getPath() {
return path;
}
@Override
public boolean isHttpOnly() {
return httpOnly;
}
@Override
public boolean isSecure() {
return secure;
}
@Override
public void setComment(String comment) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "comment",
context.getPath()));
}
this.comment = comment;
}
@Override
public void setDomain(String domain) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "domain name",
context.getPath()));
}
this.domain = domain;
}
@Override
public void setHttpOnly(boolean httpOnly) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "HttpOnly",
context.getPath()));
}
this.httpOnly = httpOnly;
}
@Override
public void setMaxAge(int maxAge) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "max age",
context.getPath()));
}
this.maxAge = maxAge;
}
@Override
public void setName(String name) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "name",
context.getPath()));
}
this.name = name;
}
@Override
public void setPath(String path) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "path",
context.getPath()));
}
this.path = path;
}
@Override
public void setSecure(boolean secure) {
if (!context.getState().equals(LifecycleState.STARTING_PREP)) {
throw new IllegalStateException(sm.getString(
"applicationSessionCookieConfig.ise", "secure",
context.getPath()));
}
this.secure = secure;
}
Creates a new session cookie for the given session ID
Params: - context – The Context for the web application
- sessionId – The ID of the session for which the cookie will be
created
- secure – Should session cookie be configured as secure
Returns: the cookie for the session
/**
* Creates a new session cookie for the given session ID
*
* @param context The Context for the web application
* @param sessionId The ID of the session for which the cookie will be
* created
* @param secure Should session cookie be configured as secure
* @return the cookie for the session
*/
public static Cookie createSessionCookie(Context context,
String sessionId, boolean secure) {
SessionCookieConfig scc =
context.getServletContext().getSessionCookieConfig();
// NOTE: The priority order for session cookie configuration is:
// 1. Context level configuration
// 2. Values from SessionCookieConfig
// 3. Defaults
Cookie cookie = new Cookie(
SessionConfig.getSessionCookieName(context), sessionId);
// Just apply the defaults.
cookie.setMaxAge(scc.getMaxAge());
cookie.setComment(scc.getComment());
if (context.getSessionCookieDomain() == null) {
// Avoid possible NPE
if (scc.getDomain() != null) {
cookie.setDomain(scc.getDomain());
}
} else {
cookie.setDomain(context.getSessionCookieDomain());
}
// Always set secure if the request is secure
if (scc.isSecure() || secure) {
cookie.setSecure(true);
}
// Always set httpOnly if the context is configured for that
if (scc.isHttpOnly() || context.getUseHttpOnly()) {
cookie.setHttpOnly(true);
}
cookie.setPath(SessionConfig.getSessionCookiePath(context));
return cookie;
}
}