|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
public interface SessionCookieConfig
Class that may be used to configure various properties of cookies used for session tracking purposes.
An instance of this class is acquired by a call to
ServletContext#getSessionCookieConfig
.
Method Summary | |
---|---|
java.lang.String |
getComment()
Gets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
java.lang.String |
getDomain()
Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
int |
getMaxAge()
Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
java.lang.String |
getName()
Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
java.lang.String |
getPath()
Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
boolean |
isHttpOnly()
Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly. |
boolean |
isSecure()
Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS. |
void |
setComment(java.lang.String comment)
Sets the comment that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
void |
setDomain(java.lang.String domain)
Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
void |
setHttpOnly(boolean httpOnly)
Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly. |
void |
setMaxAge(int maxAge)
Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
void |
setName(java.lang.String name)
Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
void |
setPath(java.lang.String path)
Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired. |
void |
setSecure(boolean secure)
Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure. |
Method Detail |
---|
void setName(java.lang.String name)
NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.
name
- the cookie name to use
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedjava.lang.String getName()
By default, JSESSIONID will be used as the cookie name.
setName(java.lang.String)
, or
null if setName(java.lang.String)
was never calledCookie.getName()
void setDomain(java.lang.String domain)
domain
- the cookie domain to use
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedCookie.setDomain(String)
java.lang.String getDomain()
setDomain(java.lang.String)
, or
null if setDomain(java.lang.String)
was never calledCookie.getDomain()
void setPath(java.lang.String path)
path
- the cookie path to use
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedCookie.setPath(String)
java.lang.String getPath()
By default, the context path of the ServletContext from which this SessionCookieConfig was acquired will be used.
setPath(java.lang.String)
, or null
if setPath(java.lang.String)
was never calledCookie.getPath()
void setComment(java.lang.String comment)
As a side effect of this call, the session tracking cookies
will be marked with a Version
attribute equal to
1
.
comment
- the cookie comment to use
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedCookie.setComment(String)
,
Cookie.getVersion()
java.lang.String getComment()
setComment(java.lang.String)
, or
null if setComment(java.lang.String)
was never calledCookie.getComment()
void setHttpOnly(boolean httpOnly)
A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.
httpOnly
- true if the session tracking cookies created
on behalf of the application represented by the
ServletContext from which this SessionCookieConfig
was acquired shall be marked as HttpOnly, false otherwise
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedCookie.setHttpOnly(boolean)
boolean isHttpOnly()
Cookie.isHttpOnly()
void setSecure(boolean secure)
One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.
secure
- true if the session tracking cookies created on
behalf of the application represented by the ServletContext
from which this SessionCookieConfig was acquired shall be
marked as secure even if the request that initiated the
corresponding session is using plain HTTP instead of HTTPS, and false
if they shall be marked as secure only if the request that
initiated the corresponding session was also secure
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedCookie.setSecure(boolean)
,
ServletRequest#isSecure()
boolean isSecure()
Cookie.getSecure()
,
ServletRequest#isSecure()
void setMaxAge(int maxAge)
maxAge
- the lifetime (in seconds) of the session tracking
cookies created on behalf of the application represented by the
ServletContext from which this SessionCookieConfig
was acquired.
IllegalStateException
- if the ServletContext
from which this SessionCookieConfig was acquired has
already been initializedCookie.setMaxAge(int)
int getMaxAge()
By default, -1 is returned.
Cookie.getMaxAge()
|
|||||||||
PREV CLASS NEXT CLASS | FRAMES NO FRAMES | ||||||||
SUMMARY: NESTED | FIELD | CONSTR | METHOD | DETAIL: FIELD | CONSTR | METHOD |
Copyright © 2009-2011, Oracle Corporation and/or its affiliates. All Rights Reserved. Use is subject to license terms.
Generated on 10-February-2011 12:41