public interface SessionHandler extends Handler<RoutingContext>
Session
for each browser
session.
It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.
The session is available on the routing context with
RoutingContext.session()
.
Modifier and Type | Field and Description |
---|---|
static boolean |
DEFAULT_COOKIE_HTTP_ONLY_FLAG
Default of whether the cookie has the HttpOnly flag set More info:
https://www.owasp.org/index.php/HttpOnly
|
static boolean |
DEFAULT_COOKIE_SECURE_FLAG
Default of whether the cookie has the 'secure' flag set to allow transmission
over https only.
|
static boolean |
DEFAULT_LAZY_SESSION
Default of whether the session should be created lazily.
|
static boolean |
DEFAULT_NAG_HTTPS
Default of whether a nagging log warning should be written if the session
handler is accessed over HTTP, not HTTPS
|
static String |
DEFAULT_SESSION_COOKIE_NAME
Default name of session cookie
|
static String |
DEFAULT_SESSION_COOKIE_PATH
Default path of session cookie
|
static long |
DEFAULT_SESSION_TIMEOUT
Default time, in ms, that a session lasts for without being accessed before
expiring.
|
static int |
DEFAULT_SESSIONID_MIN_LENGTH
Default min length for a session id.
|
Modifier and Type | Method and Description |
---|---|
static SessionHandler |
create(SessionStore sessionStore)
Create a session handler
|
SessionHandler |
flush(RoutingContext ctx,
Handler<AsyncResult<Void>> handler)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of
a failure at the store level.
|
SessionHandler |
setAuthProvider(AuthProvider authProvider)
Deprecated.
this method has no effect
|
SessionHandler |
setCookieHttpOnlyFlag(boolean httpOnly)
Sets whether the 'HttpOnly' flag should be set for the session cookie.
|
SessionHandler |
setCookieSameSite(CookieSameSite policy)
Set the session cookie SameSite policy to use.
|
SessionHandler |
setCookieSecureFlag(boolean secure)
Sets whether the 'secure' flag should be set for the session cookie.
|
SessionHandler |
setLazySession(boolean lazySession)
Use a lazy session creation mechanism.
|
SessionHandler |
setMinLength(int minLength)
Set expected session id minimum length.
|
SessionHandler |
setNagHttps(boolean nag)
Set whether a nagging log warning should be written if the session handler is
accessed over HTTP, not HTTPS
|
SessionHandler |
setSessionCookieName(String sessionCookieName)
Set the session cookie name
|
SessionHandler |
setSessionCookiePath(String sessionCookiePath)
Set the session cookie path
|
SessionHandler |
setSessionTimeout(long timeout)
Set the session timeout
|
static final String DEFAULT_SESSION_COOKIE_NAME
static final String DEFAULT_SESSION_COOKIE_PATH
static final long DEFAULT_SESSION_TIMEOUT
static final boolean DEFAULT_NAG_HTTPS
static final boolean DEFAULT_COOKIE_HTTP_ONLY_FLAG
static final boolean DEFAULT_COOKIE_SECURE_FLAG
static final int DEFAULT_SESSIONID_MIN_LENGTH
static final boolean DEFAULT_LAZY_SESSION
static SessionHandler create(SessionStore sessionStore)
sessionStore
- the session storeSessionHandler setSessionTimeout(long timeout)
timeout
- the timeout, in ms.SessionHandler setNagHttps(boolean nag)
nag
- true to nagSessionHandler setCookieSecureFlag(boolean secure)
secure
- true to set the secure flag on the cookieSessionHandler setCookieHttpOnlyFlag(boolean httpOnly)
httpOnly
- true to set the HttpOnly flag on the cookieSessionHandler setSessionCookieName(String sessionCookieName)
sessionCookieName
- the session cookie nameSessionHandler setSessionCookiePath(String sessionCookiePath)
sessionCookiePath
- the session cookie pathSessionHandler setMinLength(int minLength)
minLength
- the session id minimal lengthSessionHandler setCookieSameSite(CookieSameSite policy)
policy
- to use, null
for no policy.SessionHandler setLazySession(boolean lazySession)
lazySession
- true to have a lazy session creation.@Deprecated SessionHandler setAuthProvider(AuthProvider authProvider)
authProvider
- any auth provider.SessionHandler flush(RoutingContext ctx, Handler<AsyncResult<Void>> handler)
ctx
- the current contexthandler
- the event handler to signal a asynchronous response.Copyright © 2023 Eclipse. All rights reserved.