Interface CookieSessionStore

All Superinterfaces:

SessionStore

public interface CookieSessionStore
extends SessionStore

A SessionStore that uses a Cookie to store the session data. All data is stored in encrypted form using AES-256 with AES/GCM/NoPadding.

Author:

Paulo Lopes

Field Summary

Fields inherited from interface SessionStore

DEFAULT_SESSIONID_LENGTH

Method Summary

Modifier and Type	Method	Description
static CookieSessionStore	create(Vertx vertx, String secret)	Creates a CookieSessionStore.
static CookieSessionStore	create(Vertx vertx, String secret, Buffer salt)	Deprecated. use create(Vertx, String) Creates a CookieSessionStore.

Methods inherited from interface SessionStore

clear, close, createSession, createSession, delete, get, init, put, retryTimeout, size

Method Details

create

@Deprecated
static CookieSessionStore create(Vertx vertx,
 String secret,
 Buffer salt)

Deprecated.

use create(Vertx, String) Creates a CookieSessionStore. This factory method is deprecated and will be removed in a future version. The salt value is ignored and should not be used. This was an artifact of the original implementation which used a different encryption scheme.

Parameters:

vertx - a vert.x instance

secret - a secret to derive a secure private key

salt - ignored

Returns:

the store

create

static CookieSessionStore create(Vertx vertx,
 String secret)

Creates a CookieSessionStore. Cookie data will be encrypted using the given secret. The secret as the name reflects, should never leave the server, otherwise user agents could tamper with the payload. The choice of GCM, ensures that no (IV, Key) is reusable, which means that there is no need for a salt. Also encrypting the same session multiple times will render different outputs, which prevents rainbow attacks.

Parameters:

vertx - a vert.x instance

secret - a secret to derive a secure private key

Returns:

the store