Class SessionHandler

java.lang.Object
io.vertx.rxjava3.ext.web.handler.SessionHandler
All Implemented Interfaces:
Handler<RoutingContext>, io.vertx.lang.rx.RxDelegate, PlatformHandler
public class SessionHandler extends Object implements io.vertx.lang.rx.RxDelegate, PlatformHandler, Handler<RoutingContext>
A handler that maintains a Session for each browser session.

It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.

The session is available on the routing context with .

NOTE: This class has been automatically generated from the original non RX-ified interface using Vert.x codegen.

  • Field Details

    • __TYPE_ARG

      public static final io.vertx.lang.rx.TypeArg<SessionHandler> __TYPE_ARG

    • DEFAULT_SESSION_TIMEOUT

      public static final long DEFAULT_SESSION_TIMEOUT
      Default time, in ms, that a session lasts for without being accessed before expiring.
      See Also:

    • DEFAULT_NAG_HTTPS

      public static final boolean DEFAULT_NAG_HTTPS
      Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
      See Also:

    • DEFAULT_SESSIONID_MIN_LENGTH

      public static final int DEFAULT_SESSIONID_MIN_LENGTH
      Default min length for a session id. More info: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet
      See Also:

    • DEFAULT_LAZY_SESSION

      public static final boolean DEFAULT_LAZY_SESSION
      Default of whether the session should be created lazily.
      See Also:

  • Constructor Details

    • SessionHandler

      public SessionHandler(SessionHandler delegate)

    • SessionHandler

      public SessionHandler(Object delegate)

  • Method Details

    • toString

      public String toString()
      Overrides:
      toString in class Object

    • equals

      public boolean equals(Object o)
      Overrides:
      equals in class Object

    • hashCode

      public int hashCode()
      Overrides:
      hashCode in class Object

    • getDelegate

      public SessionHandler getDelegate()
      Specified by:
      getDelegate in interface PlatformHandler
      Specified by:
      getDelegate in interface io.vertx.lang.rx.RxDelegate

    • handle

      public void handle(RoutingContext event)
      Something has happened, so handle it.
      Specified by:
      handle in interface Handler<RoutingContext>
      Specified by:
      handle in interface PlatformHandler
      Parameters:
      event - the event to handle

    • create

      public static SessionHandler create(SessionStore sessionStore)
      Create a session handler
      Parameters:
      sessionStore - the session store
      Returns:
      the handler

    • setSessionTimeout

      public SessionHandler setSessionTimeout(long timeout)
      Set the session timeout
      Parameters:
      timeout - the timeout, in ms.
      Returns:
      a reference to this, so the API can be used fluently

    • setNagHttps

      public SessionHandler setNagHttps(boolean nag)
      Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
      Parameters:
      nag - true to nag
      Returns:
      a reference to this, so the API can be used fluently

    • setCookieSecureFlag

      public SessionHandler setCookieSecureFlag(boolean secure)
      Sets whether the 'secure' flag should be set for the session cookie. When set this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).
      Parameters:
      secure - true to set the secure flag on the cookie
      Returns:
      a reference to this, so the API can be used fluently

    • setCookieHttpOnlyFlag

      public SessionHandler setCookieHttpOnlyFlag(boolean httpOnly)
      Sets whether the 'HttpOnly' flag should be set for the session cookie. When set this flag instructs browsers to prevent Javascript access to the the cookie. Used as a line of defence against the most common XSS attacks.
      Parameters:
      httpOnly - true to set the HttpOnly flag on the cookie
      Returns:
      a reference to this, so the API can be used fluently

    • setSessionCookieName

      public SessionHandler setSessionCookieName(String sessionCookieName)
      Set the session cookie name
      Parameters:
      sessionCookieName - the session cookie name
      Returns:
      a reference to this, so the API can be used fluently

    • setSessionCookiePath

      public SessionHandler setSessionCookiePath(String sessionCookiePath)
      Set the session cookie path
      Parameters:
      sessionCookiePath - the session cookie path
      Returns:
      a reference to this, so the API can be used fluently

    • setMinLength

      public SessionHandler setMinLength(int minLength)
      Set expected session id minimum length.
      Parameters:
      minLength - the session id minimal length
      Returns:
      a reference to this, so the API can be used fluently

    • setCookieSameSite

      public SessionHandler setCookieSameSite(CookieSameSite policy)
      Set the session cookie SameSite policy to use.
      Parameters:
      policy - to use, null for no policy.
      Returns:
      a reference to this, so the API can be used fluently

    • setLazySession

      public SessionHandler setLazySession(boolean lazySession)
      Use a lazy session creation mechanism. The session will only be created when accessed from the context. Thus the session cookie is set only if the session was accessed.
      Parameters:
      lazySession - true to have a lazy session creation.
      Returns:
      a reference to this, so the API can be used fluently

    • setCookieMaxAge

      public SessionHandler setCookieMaxAge(long cookieMaxAge)
      Set a Cookie max-age to the session cookie. When doing this the Cookie will be persistent across browser restarts. This can be dangerous as closing a browser windows does not invalidate the session. For more information refer to https://cheatsheetseries.owasp.org/cheatsheets/Session_Management_Cheat_Sheet.html#Expire_and_Max-Age_Attributes
      Parameters:
      cookieMaxAge - a non negative max-age, note that 0 means expire now.
      Returns:
      a reference to this, so the API can be used fluently

    • flush

      public Completable flush(RoutingContext ctx)
      Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.
      Parameters:
      ctx - the current context
      Returns:
      a future signaled with the asynchronous response.

    • rxFlush

      public Completable rxFlush(RoutingContext ctx)
      Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.
      Parameters:
      ctx - the current context
      Returns:
      a future signaled with the asynchronous response.

    • flush

      public Completable flush(RoutingContext ctx, boolean ignoreStatus)
      Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.
      Parameters:
      ctx - the current context
      ignoreStatus - flush regardless of response status code
      Returns:
      a future signaled with the asynchronous response.

    • rxFlush

      public Completable rxFlush(RoutingContext ctx, boolean ignoreStatus)
      Flush a context session earlier to the store, this will allow the end user to have full control on the event of a failure at the store level. Once a session is flushed no automatic save will be performed at end of request.
      Parameters:
      ctx - the current context
      ignoreStatus - flush regardless of response status code
      Returns:
      a future signaled with the asynchronous response.

    • setCookieless

      public SessionHandler setCookieless(boolean cookieless)
      Use sessions based on url paths instead of cookies. This is an potential less safe alternative to cookies but offers an alternative when Cookies are not desired, for example, to avoid showing banners on a website due to cookie laws, or doing machine to machine operations where state is required to maintain.
      Parameters:
      cookieless - true if a cookieless session should be used
      Returns:
      a reference to this, so the API can be used fluently

    • newSession

      public Session newSession(RoutingContext context)
      Create a new session
      Parameters:
      context - the routing context
      Returns:
      the session

    • setUser

      public Completable setUser(RoutingContext context, User user)
      Set the user for the session
      Parameters:
      context - the routing context
      user - the user
      Returns:
      future that will be called when complete, or a failure

    • rxSetUser

      public Completable rxSetUser(RoutingContext context, User user)
      Set the user for the session
      Parameters:
      context - the routing context
      user - the user
      Returns:
      future that will be called when complete, or a failure

    • setSigningSecret

      public SessionHandler setSigningSecret(String secret)
      Set signing secret for the session cookie. The cookie will not be signed and verified by the SessionHandler if this is not set. But may be signed by the session implementation, for example, CookieSessionStore signs the cookie data.
      Parameters:
      secret - the secret used to sign the session cookie data
      Returns:
      a reference to this, so the API can be used fluently

    • newInstance

      public static SessionHandler newInstance(SessionHandler arg)