craigmcc 00/11/10 18:07:02
Modified: src/share/org/apache/tomcat/request Tag: tomcat_32
SessionInterceptor.java
src/share/org/apache/tomcat/session Tag: tomcat_32
StandardSessionInterceptor.java
Log:
Migrate the handling of session id cookies from SessionInterceptor to
StandardSessionInterceptor.
When there are multiple session ID cookies, take the *first* one as the
one that belongs to us, because of the rule in RFC 2109 that clients must
specify such cookies with the most specific "path" attribute first. This
corresponds to the servlet spec rule that we take the longest prefix match
when selecting which context will handle a particular request. (This is
slightly different than the original proposed behavior, and matches
behavior just added in Tomcat 4.0 as well.)
Submitted by: Paul Frieden <[EMAIL PROTECTED]>
Revision Changes Path
No revision
No revision
1.24.2.2 +9 -40
jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java
Index: SessionInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java,v
retrieving revision 1.24.2.1
retrieving revision 1.24.2.2
diff -u -r1.24.2.1 -r1.24.2.2
--- SessionInterceptor.java 2000/11/07 22:15:35 1.24.2.1
+++ SessionInterceptor.java 2000/11/11 02:07:02 1.24.2.2
@@ -82,7 +82,7 @@
// GS, separates the session id from the jvm route
static final char SESSIONID_ROUTE_SEP = '.';
ContextManager cm;
-
+
public SessionInterceptor() {
}
@@ -109,51 +109,23 @@
int foundAt=-1;
String uri=request.getRequestURI();
String sessionId;
-
+
if ((foundAt=uri.indexOf(sig))!=-1){
sessionId=uri.substring(foundAt+sig.length());
// I hope the optimizer does it's job:-)
sessionId = fixSessionId( request, sessionId );
-
+
// rewrite URL, do I need to do anything more?
request.setRequestURI(uri.substring(0, foundAt));
// No validate now - we just note that this is what the user
- // requested.
+ // requested.
request.setSessionIdSource( Request.SESSIONID_FROM_URL);
request.setRequestedSessionId( sessionId );
}
return 0;
}
- /** This happens after context map, so we know the context.
- * We can probably do it later too.
- */
- public int requestMap(Request request ) {
- String sessionId = null;
-
- int count=request.getCookieCount();
-
- // Give priority to cookies. I don't know if that's part
- // of the spec - XXX
- for( int i=0; i<count; i++ ) {
- Cookie cookie = request.getCookie(i);
-
- if (cookie.getName().equals("JSESSIONID")) {
- sessionId = cookie.getValue();
- sessionId = fixSessionId( request, sessionId );
-
- // XXX what if we have multiple session cookies ?
- // right now only the first is used
- request.setRequestedSessionId( sessionId );
- request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE);
- break;
- }
- }
-
- return 0;
- }
-
/** Fix the session id. If the session is not valid return null.
* It will also clean up the session from load-balancing strings.
* @return sessionId, or null if not valid
@@ -178,7 +150,7 @@
if( reqSessionId==null)
return 0;
-
+
// GS, set the path attribute to the cookie. This way
// multiple session cookies can be used, one for each
// context.
@@ -188,11 +160,9 @@
}
// GS, piggyback the jvm route on the session id.
- if(!sessionPath.equals("/")) {
- String jvmRoute = rrequest.getJvmRoute();
- if(null != jvmRoute) {
- reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
- }
+ String jvmRoute = rrequest.getJvmRoute();
+ if(null != jvmRoute) {
+ reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
}
Cookie cookie = new Cookie("JSESSIONID",
@@ -206,10 +176,9 @@
cookie.setVersion(0);
response.addHeader( CookieTools.getCookieHeaderName(cookie),
CookieTools.getCookieHeaderValue(cookie));
-
+
return 0;
}
}
-
No revision
No revision
1.5.2.1 +60 -42
jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java
Index: StandardSessionInterceptor.java
===================================================================
RCS file:
/home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java,v
retrieving revision 1.5
retrieving revision 1.5.2.1
diff -u -r1.5 -r1.5.2.1
--- StandardSessionInterceptor.java 2000/06/20 19:22:54 1.5
+++ StandardSessionInterceptor.java 2000/11/11 02:07:02 1.5.2.1
@@ -3,7 +3,7 @@
*
* The Apache Software License, Version 1.1
*
- * Copyright (c) 1999 The Apache Software Foundation. All rights
+ * Copyright (c) 1999 The Apache Software Foundation. All rights
* reserved.
*
* Redistribution and use in source and binary forms, with or without
@@ -11,7 +11,7 @@
* are met:
*
* 1. Redistributions of source code must retain the above copyright
- * notice, this list of conditions and the following disclaimer.
+ * notice, this list of conditions and the following disclaimer.
*
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in
@@ -19,15 +19,15 @@
* distribution.
*
* 3. The end-user documentation included with the redistribution, if
- * any, must include the following acknowlegement:
- * "This product includes software developed by the
+ * any, must include the following acknowlegement:
+ * "This product includes software developed by the
* Apache Software Foundation (http://www.apache.org/)."
* Alternately, this acknowlegement may appear in the software itself,
* if and wherever such third-party acknowlegements normally appear.
*
* 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
* Foundation" must not be used to endorse or promote products derived
- * from this software without prior written permission. For written
+ * from this software without prior written permission. For written
* permission, please contact [EMAIL PROTECTED]
*
* 5. Products derived from this software may not be called "Apache"
@@ -55,7 +55,7 @@
*
* [Additional notices, if required by prior licensing conditions]
*
- */
+ */
package org.apache.tomcat.session;
@@ -80,7 +80,7 @@
* By using standard tomcat interceptor mechanisms you can plug in one or
* many session managers per context or context manager ( or even per
* URL - but that's not standard API feature ).
- *
+ *
* It must be inserted after SessionInterceptor, which does common
* session stuff ( cookie, rewrite, etc)
*
@@ -88,7 +88,8 @@
*/
public final class StandardSessionInterceptor extends BaseInterceptor {
int manager_note;
-
+ static final char SESSIONID_ROUTE_SEP = '.';
+
public StandardSessionInterceptor() {
}
@@ -109,52 +110,54 @@
/**
* StandardManager will set the HttpSession if one is found.
- *
+ *
*/
public int requestMap(Request request ) {
String sessionId = null;
+ HttpSession sess = null;
Context ctx=request.getContext();
+ StandardManager sM = getManager( ctx );
if( ctx==null ) {
log( "Configuration error in StandardSessionInterceptor - no context " +
request );
- return 0;
}
- // "access" it and set HttpSession if valid
- sessionId=request.getRequestedSessionId();
- if (sessionId != null && sessionId.length()!=0) {
- // GS, We are in a problem here, we may actually get
- // multiple Session cookies (one for the root
- // context and one for the real context... or old session
- // cookie. We must check for validity in the current context.
- StandardManager sM = getManager( ctx );
- HttpSession sess= sM.findSession( sessionId );
- if(null != sess) {
- // log( "Found session");
- // set it only if nobody else did !
- if( null == request.getSession( false ) ) {
- request.setSession( sess );
- // log("Session set ");
- }
- }
- return 0;
+ // PF, loop across all cookies named JSESSIONID checking to see if any of them
are valid.
+ // There should in most cases be a maximum of 2, and normally there will only
be one. The
+ // first valid session cookie is set as the session ID in the request.
+ int count=request.getCookieCount();
+ for( int i=0; i<count; i++ ) {
+ Cookie cookie = request.getCookie(i);
+
+ if (cookie.getName().equals("JSESSIONID")) {
+ sessionId = cookie.getValue();
+ sessionId = fixSessionId( request, sessionId );
+ if (debug > 0) log("Found session id cookie " + sessionId);
+ request.setRequestedSessionId( sessionId );
+ request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE );
+ sess = sM.findSession(sessionId);
+ if (sess != null)
+ request.setSession(sess);
+ break;
+ }
+
}
- // log( "No session ");
+
return 0;
}
-
+
public void reload( Request req, Context ctx ) {
ClassLoader newLoader = ctx.getServletLoader().getClassLoader();
- StandardManager sM = getManager( ctx );
+ StandardManager sM = getManager( ctx );
sM.handleReload(req, newLoader);
}
-
+
public int newSessionRequest( Request request, Response response) {
Context ctx=request.getContext();
if( ctx==null ) return 0;
-
- StandardManager sM = getManager( ctx );
+ StandardManager sM = getManager( ctx );
+
if( request.getSession( false ) != null )
return 0; // somebody already set the session
HttpSession newS=sM.getNewSession();
@@ -169,26 +172,26 @@
*/
public int postService( Request rrequest, Response response ) {
Context ctx=rrequest.getContext();
- if( ctx==null ) return 0;
+ if( ctx==null ) return 0;
StandardManager sm= getManager( ctx );
HttpSession sess=rrequest.getSession(false);
if( sess == null ) return 0;
-
+
sm.release( sess );
return 0;
}
+
-
//-------------------- Tomcat context events --------------------
-
- /** Init session management stuff for this context.
+
+ /** Init session management stuff for this context.
*/
public void contextInit(Context ctx) throws TomcatException {
// Defaults !!
StandardManager sm= getManager( ctx );
-
+
if( sm == null ) {
sm=new StandardManager();
setManager(ctx, sm);
@@ -204,10 +207,10 @@
throw new TomcatException( ex );
}
}
-
+
/** Notification of context shutdown.
* We should clean up any resources that are used by our
- * session management code.
+ * session management code.
*/
public void contextShutdown( Context ctx )
throws TomcatException
@@ -221,4 +224,19 @@
throw new TomcatException( ex );
}
}
+
+ private String fixSessionId(Request request, String sessionId){
+ // GS, We piggyback the JVM id on top of the session cookie
+ // Separate them ...
+
+ if( debug>0 ) cm.log(" Orig sessionId " + sessionId );
+ if (null != sessionId) {
+ int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
+ if(idex > 0) {
+ sessionId = sessionId.substring(0, idex);
+ }
+ }
+ return sessionId;
+ }
+
}
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
