io.vertx.rxjava3.ext.web.handler

Class SessionHandler

java.lang.Object

io.vertx.rxjava3.ext.web.handler.SessionHandler

All Implemented Interfaces:

Handler<RoutingContext>, PlatformHandler

public class SessionHandler
extends Object
implements PlatformHandler, Handler<RoutingContext>

A handler that maintains a Session for each browser session.

It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.

The session is available on the routing context with .

NOTE: This class has been automatically generated from the original non RX-ified interface using Vert.x codegen.

Field Summary

Fields

Modifier and Type	Field and Description
static io.vertx.lang.rx.TypeArg<SessionHandler>	__TYPE_ARG
static boolean	DEFAULT_COOKIE_HTTP_ONLY_FLAG Default of whether the cookie has the HttpOnly flag set More info: https://www.owasp.org/index.php/HttpOnly
static boolean	DEFAULT_COOKIE_SECURE_FLAG Default of whether the cookie has the 'secure' flag set to allow transmission over https only.
static boolean	DEFAULT_LAZY_SESSION Default of whether the session should be created lazily.
static boolean	DEFAULT_NAG_HTTPS Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
static String	DEFAULT_SESSION_COOKIE_NAME Default name of session cookie
static String	DEFAULT_SESSION_COOKIE_PATH Default path of session cookie
static long	DEFAULT_SESSION_TIMEOUT Default time, in ms, that a session lasts for without being accessed before expiring.
static int	DEFAULT_SESSIONID_MIN_LENGTH Default min length for a session id.

Constructor Summary

Constructors

Constructor and Description
SessionHandler(Object delegate)
SessionHandler(SessionHandler delegate)

Method Summary

Modifier and Type	Method and Description
static SessionHandler	create(SessionStore sessionStore) Create a session handler
boolean	equals(Object o)
Completable	flush(RoutingContext ctx) Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.
Completable	flush(RoutingContext ctx, boolean ignoreStatus) Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.
SessionHandler	getDelegate()
void	handle(RoutingContext event) Something has happened, so handle it.
int	hashCode()
static SessionHandler	newInstance(SessionHandler arg)
Session	newSession(RoutingContext context) Create a new session
Completable	rxFlush(RoutingContext ctx) Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.
Completable	rxFlush(RoutingContext ctx, boolean ignoreStatus) Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.
Completable	rxSetUser(RoutingContext context, User user) Set the user for the session
SessionHandler	setCookieHttpOnlyFlag(boolean httpOnly) Sets whether the 'HttpOnly' flag should be set for the session cookie.
SessionHandler	setCookieless(boolean cookieless) Use sessions based on url paths instead of cookies.
SessionHandler	setCookieMaxAge(long cookieMaxAge) Set a Cookie max-age to the session cookie.
SessionHandler	setCookieSameSite(CookieSameSite policy) Set the session cookie SameSite policy to use.
SessionHandler	setCookieSecureFlag(boolean secure) Sets whether the 'secure' flag should be set for the session cookie.
SessionHandler	setLazySession(boolean lazySession) Use a lazy session creation mechanism.
SessionHandler	setMinLength(int minLength) Set expected session id minimum length.
SessionHandler	setNagHttps(boolean nag) Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
SessionHandler	setSessionCookieName(String sessionCookieName) Set the session cookie name
SessionHandler	setSessionCookiePath(String sessionCookiePath) Set the session cookie path
SessionHandler	setSessionTimeout(long timeout) Set the session timeout
Completable	setUser(RoutingContext context, User user) Set the user for the session
String	toString()

Methods inherited from class java.lang.Object

clone, finalize, getClass, notify, notifyAll, wait, wait, wait

Methods inherited from interface io.vertx.rxjava3.ext.web.handler.PlatformHandler

newInstance

Field Detail

__TYPE_ARG

public static final io.vertx.lang.rx.TypeArg<SessionHandler> __TYPE_ARG

DEFAULT_SESSION_COOKIE_NAME

public static final String DEFAULT_SESSION_COOKIE_NAME

Default name of session cookie

See Also:

Constant Field Values

DEFAULT_SESSION_COOKIE_PATH

public static final String DEFAULT_SESSION_COOKIE_PATH

Default path of session cookie

See Also:

Constant Field Values

DEFAULT_SESSION_TIMEOUT

public static final long DEFAULT_SESSION_TIMEOUT

Default time, in ms, that a session lasts for without being accessed before expiring.

See Also:

Constant Field Values

DEFAULT_NAG_HTTPS

public static final boolean DEFAULT_NAG_HTTPS

Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS

See Also:

Constant Field Values

DEFAULT_COOKIE_HTTP_ONLY_FLAG

public static final boolean DEFAULT_COOKIE_HTTP_ONLY_FLAG

Default of whether the cookie has the HttpOnly flag set More info: https://www.owasp.org/index.php/HttpOnly

See Also:

Constant Field Values

DEFAULT_COOKIE_SECURE_FLAG

public static final boolean DEFAULT_COOKIE_SECURE_FLAG

Default of whether the cookie has the 'secure' flag set to allow transmission over https only. More info: https://www.owasp.org/index.php/SecureFlag

See Also:

Constant Field Values

DEFAULT_SESSIONID_MIN_LENGTH

public static final int DEFAULT_SESSIONID_MIN_LENGTH

Default min length for a session id. More info: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

See Also:

Constant Field Values

DEFAULT_LAZY_SESSION

public static final boolean DEFAULT_LAZY_SESSION

Default of whether the session should be created lazily.

See Also:

Constant Field Values

Constructor Detail

SessionHandler

public SessionHandler(SessionHandler delegate)

SessionHandler

public SessionHandler(Object delegate)

Method Detail

toString

public String toString()

Overrides:

toString in class Object

equals

public boolean equals(Object o)

Overrides:

equals in class Object

hashCode

public int hashCode()

Overrides:

hashCode in class Object

getDelegate

public SessionHandler getDelegate()

Specified by:

getDelegate in interface PlatformHandler

handle

public void handle(RoutingContext event)

Something has happened, so handle it.

Specified by:

handle in interface Handler<RoutingContext>

Specified by:

handle in interface PlatformHandler

Parameters:

event - the event to handle

create

public static SessionHandler create(SessionStore sessionStore)

Create a session handler

Parameters:

sessionStore - the session store

Returns:

the handler

setSessionTimeout

public SessionHandler setSessionTimeout(long timeout)

Set the session timeout

Parameters:

timeout - the timeout, in ms.

Returns:

a reference to this, so the API can be used fluently

setNagHttps

public SessionHandler setNagHttps(boolean nag)

Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS

Parameters:

nag - true to nag

Returns:

a reference to this, so the API can be used fluently

setCookieSecureFlag

public SessionHandler setCookieSecureFlag(boolean secure)

Sets whether the 'secure' flag should be set for the session cookie. When set this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).

Parameters:

secure - true to set the secure flag on the cookie

Returns:

a reference to this, so the API can be used fluently

setCookieHttpOnlyFlag

public SessionHandler setCookieHttpOnlyFlag(boolean httpOnly)

Sets whether the 'HttpOnly' flag should be set for the session cookie. When set this flag instructs browsers to prevent Javascript access to the the cookie. Used as a line of defence against the most common XSS attacks.

Parameters:

httpOnly - true to set the HttpOnly flag on the cookie

Returns:

a reference to this, so the API can be used fluently

setSessionCookieName

public SessionHandler setSessionCookieName(String sessionCookieName)

Set the session cookie name

Parameters:

sessionCookieName - the session cookie name

Returns:

a reference to this, so the API can be used fluently

setSessionCookiePath

public SessionHandler setSessionCookiePath(String sessionCookiePath)

Set the session cookie path

Parameters:

sessionCookiePath - the session cookie path

Returns:

a reference to this, so the API can be used fluently

setMinLength

public SessionHandler setMinLength(int minLength)

Set expected session id minimum length.

Parameters:

minLength - the session id minimal length

Returns:

a reference to this, so the API can be used fluently

setCookieSameSite

public SessionHandler setCookieSameSite(CookieSameSite policy)

Set the session cookie SameSite policy to use.

Parameters:

policy - to use, null for no policy.

Returns:

a reference to this, so the API can be used fluently

setLazySession

public SessionHandler setLazySession(boolean lazySession)

Use a lazy session creation mechanism. The session will only be created when accessed from the context. Thus the session cookie is set only if the session was accessed.

Parameters:

lazySession - true to have a lazy session creation.

Returns:

a reference to this, so the API can be used fluently

setCookieMaxAge

public SessionHandler setCookieMaxAge(long cookieMaxAge)

Set a Cookie max-age to the session cookie. When doing this the Cookie will be persistent across browser restarts. This can be dangerous as closing a browser windows does not invalidate the session. For more information refer to https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#Expire_and_Max-Age_Attributes

Parameters:

cookieMaxAge - a non negative max-age, note that 0 means expire now.

Returns:

a reference to this, so the API can be used fluently

flush

public Completable flush(RoutingContext ctx)

Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.

Parameters:

ctx - the current context

Returns:

fluent self

rxFlush

public Completable rxFlush(RoutingContext ctx)

Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.

Parameters:

ctx - the current context

Returns:

fluent self

flush

public Completable flush(RoutingContext ctx,
                         boolean ignoreStatus)

Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.

Parameters:

ctx - the current context

ignoreStatus - flush regardless of response status code

Returns:

fluent self

rxFlush

public Completable rxFlush(RoutingContext ctx,
                           boolean ignoreStatus)

Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.

Parameters:

ctx - the current context

ignoreStatus - flush regardless of response status code

Returns:

fluent self

setCookieless

public SessionHandler setCookieless(boolean cookieless)

Use sessions based on url paths instead of cookies. This is an potential less safe alternative to cookies but offers an alternative when Cookies are not desired, for example, to avoid showing banners on a website due to cookie laws, or doing machine to machine operations where state is required to maintain.

Parameters:

cookieless - true if a cookieless session should be used

Returns:

a reference to this, so the API can be used fluently

newSession

public Session newSession(RoutingContext context)

Create a new session

Parameters:

context - the routing context

Returns:

the session

setUser

public Completable setUser(RoutingContext context,
                           User user)

Set the user for the session

Parameters:

context - the routing context

user - the user

Returns:

a reference to this, so the API can be used fluently

rxSetUser

public Completable rxSetUser(RoutingContext context,
                             User user)

Set the user for the session

Parameters:

context - the routing context

user - the user

Returns:

a reference to this, so the API can be used fluently

newInstance

public static SessionHandler newInstance(SessionHandler arg)