public interface SessionHandler extends Handler<RoutingContext>
Session
for each browser
session.
It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.
The session is available on the routing context with
RoutingContext.session()
.
Modifier and Type | Field and Description |
---|---|
static boolean |
DEFAULT_COOKIE_HTTP_ONLY_FLAG
Default of whether the cookie has the HttpOnly flag set More info:
https://www.owasp.org/index.php/HttpOnly
|
static boolean |
DEFAULT_COOKIE_SECURE_FLAG
Default of whether the cookie has the 'secure' flag set to allow transmission
over https only.
|
static boolean |
DEFAULT_LAZY_SESSION
Default of whether the session should be created lazily.
|
static boolean |
DEFAULT_NAG_HTTPS
Default of whether a nagging log warning should be written if the session
handler is accessed over HTTP, not HTTPS
|
static String |
DEFAULT_SESSION_COOKIE_NAME
Default name of session cookie
|
static String |
DEFAULT_SESSION_COOKIE_PATH
Default path of session cookie
|
static long |
DEFAULT_SESSION_TIMEOUT
Default time, in ms, that a session lasts for without being accessed before
expiring.
|
static int |
DEFAULT_SESSIONID_MIN_LENGTH
Default min length for a session id.
|
Modifier and Type | Method and Description |
---|---|
static SessionHandler |
create(SessionStore sessionStore)
Create a session handler
|
default Future<Void> |
flush(RoutingContext ctx)
Promisified flush.
|
default Future<Void> |
flush(RoutingContext ctx,
boolean ignoreStatus)
Promisified flush.
|
SessionHandler |
flush(RoutingContext ctx,
boolean ignoreStatus,
Handler<AsyncResult<Void>> handler)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of
a failure at the store level.
|
SessionHandler |
flush(RoutingContext ctx,
Handler<AsyncResult<Void>> handler)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of
a failure at the store level.
|
Session |
newSession(RoutingContext context)
Create a new session
|
SessionHandler |
setCookieHttpOnlyFlag(boolean httpOnly)
Sets whether the 'HttpOnly' flag should be set for the session cookie.
|
SessionHandler |
setCookieless(boolean cookieless)
Use sessions based on url paths instead of cookies.
|
SessionHandler |
setCookieMaxAge(long cookieMaxAge)
Set a Cookie max-age to the session cookie.
|
SessionHandler |
setCookieSameSite(CookieSameSite policy)
Set the session cookie SameSite policy to use.
|
SessionHandler |
setCookieSecureFlag(boolean secure)
Sets whether the 'secure' flag should be set for the session cookie.
|
SessionHandler |
setLazySession(boolean lazySession)
Use a lazy session creation mechanism.
|
SessionHandler |
setMinLength(int minLength)
Set expected session id minimum length.
|
SessionHandler |
setNagHttps(boolean nag)
Set whether a nagging log warning should be written if the session handler is
accessed over HTTP, not HTTPS
|
SessionHandler |
setSessionCookieName(String sessionCookieName)
Set the session cookie name
|
SessionHandler |
setSessionCookiePath(String sessionCookiePath)
Set the session cookie path
|
SessionHandler |
setSessionTimeout(long timeout)
Set the session timeout
|
Future<Void> |
setUser(RoutingContext context,
User user)
Set the user for the session
|
default SessionHandler |
setUser(RoutingContext context,
User user,
Handler<AsyncResult<Void>> handler)
Set the user for the session
|
static final String DEFAULT_SESSION_COOKIE_NAME
static final String DEFAULT_SESSION_COOKIE_PATH
static final long DEFAULT_SESSION_TIMEOUT
static final boolean DEFAULT_NAG_HTTPS
static final boolean DEFAULT_COOKIE_HTTP_ONLY_FLAG
static final boolean DEFAULT_COOKIE_SECURE_FLAG
static final int DEFAULT_SESSIONID_MIN_LENGTH
static final boolean DEFAULT_LAZY_SESSION
static SessionHandler create(SessionStore sessionStore)
sessionStore
- the session storeSessionHandler setSessionTimeout(long timeout)
timeout
- the timeout, in ms.SessionHandler setNagHttps(boolean nag)
nag
- true to nagSessionHandler setCookieSecureFlag(boolean secure)
secure
- true to set the secure flag on the cookieSessionHandler setCookieHttpOnlyFlag(boolean httpOnly)
httpOnly
- true to set the HttpOnly flag on the cookieSessionHandler setSessionCookieName(String sessionCookieName)
sessionCookieName
- the session cookie nameSessionHandler setSessionCookiePath(String sessionCookiePath)
sessionCookiePath
- the session cookie pathSessionHandler setMinLength(int minLength)
minLength
- the session id minimal lengthSessionHandler setCookieSameSite(CookieSameSite policy)
policy
- to use, null
for no policy.SessionHandler setLazySession(boolean lazySession)
lazySession
- true to have a lazy session creation.SessionHandler setCookieMaxAge(long cookieMaxAge)
cookieMaxAge
- a non negative max-age, note that 0 means expire now.SessionHandler flush(RoutingContext ctx, Handler<AsyncResult<Void>> handler)
ctx
- the current contexthandler
- the event handler to signal a asynchronous response.SessionHandler flush(RoutingContext ctx, boolean ignoreStatus, Handler<AsyncResult<Void>> handler)
ctx
- the current contextignoreStatus
- flush regardless of response status codehandler
- the event handler to signal a asynchronous response.default Future<Void> flush(RoutingContext ctx)
flush(RoutingContext, Handler)
.default Future<Void> flush(RoutingContext ctx, boolean ignoreStatus)
flush(RoutingContext, boolean, Handler)
.SessionHandler setCookieless(boolean cookieless)
cookieless
- true if a cookieless session should be usedSession newSession(RoutingContext context)
context
- the routing contextFuture<Void> setUser(RoutingContext context, User user)
context
- the routing contextuser
- the userdefault SessionHandler setUser(RoutingContext context, User user, Handler<AsyncResult<Void>> handler)
context
- the routing contextuser
- the userhandler
- the event handler to signal a asynchronous response.Copyright © 2021 Eclipse. All rights reserved.