Package io.vertx.rxjava3.ext.web.handler
Class SessionHandler
- java.lang.Object
-
- io.vertx.rxjava3.ext.web.handler.SessionHandler
-
- All Implemented Interfaces:
Handler<RoutingContext>
,PlatformHandler
public class SessionHandler extends Object implements PlatformHandler, Handler<RoutingContext>
A handler that maintains aSession
for each browser session.It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.
The session is available on the routing context with .
NOTE: This class has been automatically generated from the
original
non RX-ified interface using Vert.x codegen.
-
-
Field Summary
Fields Modifier and Type Field Description static io.vertx.lang.rx.TypeArg<SessionHandler>
__TYPE_ARG
static boolean
DEFAULT_COOKIE_HTTP_ONLY_FLAG
Default of whether the cookie has the HttpOnly flag set More info: https://www.owasp.org/index.php/HttpOnlystatic boolean
DEFAULT_COOKIE_SECURE_FLAG
Default of whether the cookie has the 'secure' flag set to allow transmission over https only.static boolean
DEFAULT_LAZY_SESSION
Default of whether the session should be created lazily.static boolean
DEFAULT_NAG_HTTPS
Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPSstatic String
DEFAULT_SESSION_COOKIE_NAME
Default name of session cookiestatic String
DEFAULT_SESSION_COOKIE_PATH
Default path of session cookiestatic long
DEFAULT_SESSION_TIMEOUT
Default time, in ms, that a session lasts for without being accessed before expiring.static int
DEFAULT_SESSIONID_MIN_LENGTH
Default min length for a session id.
-
Constructor Summary
Constructors Constructor Description SessionHandler(SessionHandler delegate)
SessionHandler(Object delegate)
-
Method Summary
All Methods Static Methods Instance Methods Concrete Methods Modifier and Type Method Description static SessionHandler
create(SessionStore sessionStore)
Create a session handlerboolean
equals(Object o)
Completable
flush(RoutingContext ctx)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.Completable
flush(RoutingContext ctx, boolean ignoreStatus)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.SessionHandler
getDelegate()
void
handle(RoutingContext event)
Something has happened, so handle it.int
hashCode()
static SessionHandler
newInstance(SessionHandler arg)
Session
newSession(RoutingContext context)
Create a new sessionCompletable
rxFlush(RoutingContext ctx)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.Completable
rxFlush(RoutingContext ctx, boolean ignoreStatus)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level.Completable
rxSetUser(RoutingContext context, User user)
Set the user for the sessionSessionHandler
setCookieHttpOnlyFlag(boolean httpOnly)
Sets whether the 'HttpOnly' flag should be set for the session cookie.SessionHandler
setCookieless(boolean cookieless)
Use sessions based on url paths instead of cookies.SessionHandler
setCookieMaxAge(long cookieMaxAge)
Set a Cookie max-age to the session cookie.SessionHandler
setCookieSameSite(CookieSameSite policy)
Set the session cookie SameSite policy to use.SessionHandler
setCookieSecureFlag(boolean secure)
Sets whether the 'secure' flag should be set for the session cookie.SessionHandler
setLazySession(boolean lazySession)
Use a lazy session creation mechanism.SessionHandler
setMinLength(int minLength)
Set expected session id minimum length.SessionHandler
setNagHttps(boolean nag)
Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPSSessionHandler
setSessionCookieName(String sessionCookieName)
Set the session cookie nameSessionHandler
setSessionCookiePath(String sessionCookiePath)
Set the session cookie pathSessionHandler
setSessionTimeout(long timeout)
Set the session timeoutSessionHandler
setSigningSecret(String secret)
Set signing secret for the session cookie.Completable
setUser(RoutingContext context, User user)
Set the user for the sessionString
toString()
-
-
-
Field Detail
-
__TYPE_ARG
public static final io.vertx.lang.rx.TypeArg<SessionHandler> __TYPE_ARG
-
DEFAULT_SESSION_COOKIE_NAME
public static final String DEFAULT_SESSION_COOKIE_NAME
Default name of session cookie- See Also:
- Constant Field Values
-
DEFAULT_SESSION_COOKIE_PATH
public static final String DEFAULT_SESSION_COOKIE_PATH
Default path of session cookie- See Also:
- Constant Field Values
-
DEFAULT_SESSION_TIMEOUT
public static final long DEFAULT_SESSION_TIMEOUT
Default time, in ms, that a session lasts for without being accessed before expiring.- See Also:
- Constant Field Values
-
DEFAULT_NAG_HTTPS
public static final boolean DEFAULT_NAG_HTTPS
Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS- See Also:
- Constant Field Values
-
DEFAULT_COOKIE_HTTP_ONLY_FLAG
public static final boolean DEFAULT_COOKIE_HTTP_ONLY_FLAG
Default of whether the cookie has the HttpOnly flag set More info: https://www.owasp.org/index.php/HttpOnly- See Also:
- Constant Field Values
-
DEFAULT_COOKIE_SECURE_FLAG
public static final boolean DEFAULT_COOKIE_SECURE_FLAG
Default of whether the cookie has the 'secure' flag set to allow transmission over https only. More info: https://www.owasp.org/index.php/SecureFlag- See Also:
- Constant Field Values
-
DEFAULT_SESSIONID_MIN_LENGTH
public static final int DEFAULT_SESSIONID_MIN_LENGTH
Default min length for a session id. More info: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet- See Also:
- Constant Field Values
-
DEFAULT_LAZY_SESSION
public static final boolean DEFAULT_LAZY_SESSION
Default of whether the session should be created lazily.- See Also:
- Constant Field Values
-
-
Constructor Detail
-
SessionHandler
public SessionHandler(SessionHandler delegate)
-
SessionHandler
public SessionHandler(Object delegate)
-
-
Method Detail
-
getDelegate
public SessionHandler getDelegate()
- Specified by:
getDelegate
in interfacePlatformHandler
-
handle
public void handle(RoutingContext event)
Something has happened, so handle it.- Specified by:
handle
in interfaceHandler<RoutingContext>
- Specified by:
handle
in interfacePlatformHandler
- Parameters:
event
- the event to handle
-
create
public static SessionHandler create(SessionStore sessionStore)
Create a session handler- Parameters:
sessionStore
- the session store- Returns:
- the handler
-
setSessionTimeout
public SessionHandler setSessionTimeout(long timeout)
Set the session timeout- Parameters:
timeout
- the timeout, in ms.- Returns:
- a reference to this, so the API can be used fluently
-
setNagHttps
public SessionHandler setNagHttps(boolean nag)
Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS- Parameters:
nag
- true to nag- Returns:
- a reference to this, so the API can be used fluently
-
setCookieSecureFlag
public SessionHandler setCookieSecureFlag(boolean secure)
Sets whether the 'secure' flag should be set for the session cookie. When set this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).- Parameters:
secure
- true to set the secure flag on the cookie- Returns:
- a reference to this, so the API can be used fluently
-
setCookieHttpOnlyFlag
public SessionHandler setCookieHttpOnlyFlag(boolean httpOnly)
Sets whether the 'HttpOnly' flag should be set for the session cookie. When set this flag instructs browsers to prevent Javascript access to the the cookie. Used as a line of defence against the most common XSS attacks.- Parameters:
httpOnly
- true to set the HttpOnly flag on the cookie- Returns:
- a reference to this, so the API can be used fluently
-
setSessionCookieName
public SessionHandler setSessionCookieName(String sessionCookieName)
Set the session cookie name- Parameters:
sessionCookieName
- the session cookie name- Returns:
- a reference to this, so the API can be used fluently
-
setSessionCookiePath
public SessionHandler setSessionCookiePath(String sessionCookiePath)
Set the session cookie path- Parameters:
sessionCookiePath
- the session cookie path- Returns:
- a reference to this, so the API can be used fluently
-
setMinLength
public SessionHandler setMinLength(int minLength)
Set expected session id minimum length.- Parameters:
minLength
- the session id minimal length- Returns:
- a reference to this, so the API can be used fluently
-
setCookieSameSite
public SessionHandler setCookieSameSite(CookieSameSite policy)
Set the session cookie SameSite policy to use.- Parameters:
policy
- to use,null
for no policy.- Returns:
- a reference to this, so the API can be used fluently
-
setLazySession
public SessionHandler setLazySession(boolean lazySession)
Use a lazy session creation mechanism. The session will only be created when accessed from the context. Thus the session cookie is set only if the session was accessed.- Parameters:
lazySession
- true to have a lazy session creation.- Returns:
- a reference to this, so the API can be used fluently
-
setCookieMaxAge
public SessionHandler setCookieMaxAge(long cookieMaxAge)
Set a Cookie max-age to the session cookie. When doing this the Cookie will be persistent across browser restarts. This can be dangerous as closing a browser windows does not invalidate the session. For more information refer to https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#Expire_and_Max-Age_Attributes- Parameters:
cookieMaxAge
- a non negative max-age, note that 0 means expire now.- Returns:
- a reference to this, so the API can be used fluently
-
flush
public Completable flush(RoutingContext ctx)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.- Parameters:
ctx
- the current context- Returns:
- a future signaled with the asynchronous response.
-
rxFlush
public Completable rxFlush(RoutingContext ctx)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.- Parameters:
ctx
- the current context- Returns:
- a future signaled with the asynchronous response.
-
flush
public Completable flush(RoutingContext ctx, boolean ignoreStatus)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.- Parameters:
ctx
- the current contextignoreStatus
- flush regardless of response status code- Returns:
- a future signaled with the asynchronous response.
-
rxFlush
public Completable rxFlush(RoutingContext ctx, boolean ignoreStatus)
Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.- Parameters:
ctx
- the current contextignoreStatus
- flush regardless of response status code- Returns:
- a future signaled with the asynchronous response.
-
setCookieless
public SessionHandler setCookieless(boolean cookieless)
Use sessions based on url paths instead of cookies. This is an potential less safe alternative to cookies but offers an alternative when Cookies are not desired, for example, to avoid showing banners on a website due to cookie laws, or doing machine to machine operations where state is required to maintain.- Parameters:
cookieless
- true if a cookieless session should be used- Returns:
- a reference to this, so the API can be used fluently
-
newSession
public Session newSession(RoutingContext context)
Create a new session- Parameters:
context
- the routing context- Returns:
- the session
-
setUser
public Completable setUser(RoutingContext context, User user)
Set the user for the session- Parameters:
context
- the routing contextuser
- the user- Returns:
- future that will be called when complete, or a failure
-
rxSetUser
public Completable rxSetUser(RoutingContext context, User user)
Set the user for the session- Parameters:
context
- the routing contextuser
- the user- Returns:
- future that will be called when complete, or a failure
-
setSigningSecret
public SessionHandler setSigningSecret(String secret)
Set signing secret for the session cookie. The cookie will not be signed and verified by the SessionHandler if this is not set. But may be signed by the session implementation, for example, CookieSessionStore signs the cookie data.- Parameters:
secret
- the secret used to sign the session cookie data- Returns:
- a reference to this, so the API can be used fluently
-
newInstance
public static SessionHandler newInstance(SessionHandler arg)
-
-