List of usage examples for javax.servlet.http HttpSession isNew
public boolean isNew();
true if the client does not yet know about the session or if the client chooses not to join the session. From source file:net.webpasswordsafe.server.ServerSessionUtil.java
public static void initCsrfSession() { HttpSession session = getRequest().getSession(false); if (session.isNew() || (session.getAttribute(Constants.CSRF_TOKEN_KEY) == null)) { // either new session or old session without csrf token set, so set it session.setAttribute(Constants.CSRF_TOKEN_KEY, session.getId()); Cookie cookie = new Cookie(Constants.CSRF_TOKEN_KEY, session.getId()); cookie.setPath("".equals(getRequest().getContextPath()) ? "/" : getRequest().getContextPath()); getResponse().addCookie(cookie); }/*from ww w.java 2 s . com*/ }
From source file:edu.ucsb.nceas.metacat.util.RequestUtil.java
/** * Get the session data from a request. The Scenarios we can run across * here: //from ww w . j av a 2 s . c o m * -- the session id parameter was set in the request parameters * -- request.getSession returns a new session. There is a chance that the * session id was set in a cookie. Check for a JSESSIONID cookie and use * that id if provided. * -- request.getSession returns a session that is a) * preexisting or b) new but without a JSESSIONID cookie. Use the session id * from this session * * @param request * the request from which to get the session data * @return the session data object representing the active session for this * request. If there is no active session, the public session data * is returned */ public static SessionData getSessionData(HttpServletRequest request) { SessionData sessionData = null; String sessionId = null; Hashtable<String, String[]> params = getParameters(request); if (params.containsKey("sessionid")) { // the session id is specified in the request parameters sessionId = ((String[]) params.get("sessionid"))[0]; logMetacat.debug("session ID provided in request properties: " + sessionId); } else { HttpSession session = request.getSession(true); if (session.isNew()) { // this is a new session Cookie sessionCookie = RequestUtil.getCookie(request, "JSESSIONID"); if (sessionCookie != null) { // and there is a JSESSIONID cookie sessionId = sessionCookie.getValue(); logMetacat.debug("session ID provided in request cookie: " + sessionId); } } if (sessionId == null) { // there is an existing session (session is old) sessionId = session.getId(); logMetacat.debug("session ID retrieved from request: " + sessionId); } } // if the session id is registered in SessionService, get the // SessionData for it. Otherwise, use the public session. if (SessionService.isSessionRegistered(sessionId)) { logMetacat.debug("retrieving session data from session service " + "for session id " + sessionId); sessionData = SessionService.getRegisteredSession(sessionId); } else { logMetacat.debug("using public session. Given session id is " + "registered: " + sessionId); sessionData = SessionService.getPublicSession(); } return sessionData; }
From source file:org.dspace.webmvc.utils.Authenticate.java
/** * Store information about the current user in the request and context * /*from ww w. jav a 2 s. co m*/ * @param context * DSpace context * @param request * HTTP request * @param eperson * the eperson logged in */ public static void loggedIn(Context context, HttpServletRequest request, EPerson eperson) { HttpSession session = request.getSession(); // For security reasons after login, give the user a new session if ((!session.isNew()) && (session.getAttribute("dspace.current.user.id") == null)) { // Keep the user's locale setting if set Locale sessionLocale = getSessionLocale(request); // Get info about the interrupted request, if set RequestInfo requestInfo = (RequestInfo) session.getAttribute("interrupted.request.info"); // Get the original URL of interrupted request, if set String requestUrl = (String) session.getAttribute("interrupted.request.url"); // Invalidate session unless dspace.cfg says not to if (ConfigurationManager.getBooleanProperty("webui.session.invalidate", true)) { session.invalidate(); } // Give the user a new session session = request.getSession(); // Restore the session locale if (sessionLocale != null) { //Config.set(request.getSession(), Config.FMT_LOCALE, sessionLocale); session.setAttribute("FMT_LOCALE", sessionLocale); } // Restore interrupted request information and url to new session if (requestInfo != null && requestUrl != null) { session.setAttribute("interrupted.request.info", requestInfo); session.setAttribute("interrupted.request.url", requestUrl); } } context.setCurrentUser(eperson); boolean isAdmin = false; try { isAdmin = AuthorizeManager.isAdmin(context); } catch (SQLException se) { log.warn("Unable to use AuthorizeManager " + se); } finally { request.setAttribute("isadmin", Boolean.valueOf(isAdmin)); } // We store the current user in the request as an EPerson object... request.setAttribute("dspace.current.user", eperson); // and in the session as an ID session.setAttribute("dspace.current.user.id", Integer.valueOf(eperson.getID())); // and the remote IP address to compare against later requests // so we can detect session hijacking. session.setAttribute("dspace.current.remote.addr", request.getRemoteAddr()); }
From source file:LocaleSessionServlet.java
public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException { HttpSession userSession = request.getSession(); if (userSession.isNew()) { userSession.setAttribute("userLocale", request.getLocale()); }/*from ww w. j a v a 2 s .c om*/ }
From source file:com.pe.nisira.movil.view.listener.SessionTimeoutFilter.java
@Override public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { System.out.println("filter called"); final HttpServletRequest req = (HttpServletRequest) request; final HttpSession session = req.getSession(false); if (session != null && !session.isNew()) { chain.doFilter(request, response); } else {/*from w w w . j a v a 2s. co m*/ System.out.println("Has timed out"); req.getRequestDispatcher("/index.xthml").forward(request, response); } }
From source file:com.liferay.portal.events.LogSessionIdAction.java
public void run(HttpServletRequest req, HttpServletResponse res) throws ActionException { HttpSession ses = req.getSession(); _log.debug("Session id " + ses.getId() + " is " + (!ses.isNew() ? "not " : "") + "new"); }
From source file:com.acc.storefront.filters.StorefrontFilter.java
protected boolean isSessionNotInitialized(final HttpSession session, final String queryString) { return session.isNew() || StringUtils.contains(queryString, CMSFilter.CLEAR_CMSSITE_PARAM) || !isSessionInitialized(session); }
From source file:edu.lafayette.metadb.web.authentication.Login.java
private void setUpSession(HttpSession session, String username, String project) { if (session.isNew()) { session.setAttribute(Global.SESSION_USERNAME, username); session.setAttribute(Global.SESSION_PROJECT, project); session.setAttribute(Global.SESSION_BINDER, new SessionBinder()); }//w w w .j ava 2s .c o m if (session.getAttribute(Global.SESSION_USERNAME) == null) session.setAttribute(Global.SESSION_USERNAME, username); if (session.getAttribute(Global.SESSION_PROJECT) == null) session.setAttribute(Global.SESSION_PROJECT, project); if (session.getAttribute(Global.SESSION_BINDER) == null) session.setAttribute(Global.SESSION_BINDER, new SessionBinder()); }
From source file:ManualInvalidate.java
public void doGet(HttpServletRequest req, HttpServletResponse res) throws ServletException, IOException { res.setContentType("text/html"); HttpSession session = req.getSession(); // Invalidate the session if it's more than a day old or has been // inactive for more than an hour. if (!session.isNew()) { // skip new sessions Date dayAgo = new Date(System.currentTimeMillis() - 24 * 60 * 60 * 1000); Date hourAgo = new Date(System.currentTimeMillis() - 60 * 60 * 1000); Date created = new Date(session.getCreationTime()); Date accessed = new Date(session.getLastAccessedTime()); if (created.before(dayAgo) || accessed.before(hourAgo)) { session.invalidate();//from w w w .j a v a 2s. c o m session = req.getSession(); // get a new session } } }
From source file:be.fedict.eid.idp.webapp.SessionLoggingFilter.java
public void doFilter(ServletRequest request, ServletResponse response, FilterChain chain) throws IOException, ServletException { HttpServletRequest httpRequest = (HttpServletRequest) request; HttpSession httpSession = httpRequest.getSession(false); if (null != httpSession) { String sessionId = httpSession.getId(); boolean isNew = httpSession.isNew(); String clientSessionId = httpRequest.getRequestedSessionId(); LOG.debug("request URI: " + httpRequest.getRequestURI()); LOG.debug("session id: " + sessionId + "; is new: " + isNew); if (null == clientSessionId) { LOG.debug("no client session id received"); } else {/*from w w w .j a v a 2s. c o m*/ LOG.debug("client session id: " + clientSessionId); } } chain.doFilter(request, response); }