List of usage examples for org.apache.shiro.web.servlet ShiroHttpServletRequest COOKIE_SESSION_ID_SOURCE
String COOKIE_SESSION_ID_SOURCE
To view the source code for org.apache.shiro.web.servlet ShiroHttpServletRequest COOKIE_SESSION_ID_SOURCE.
Click Source Link
From source file:org.sonatype.nexus.security.StatelessAndStatefulWebSessionManager.java
License:Open Source License
private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) { String id = getSessionIdCookieValue(request, response); if (id != null) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE); } else {/*w w w.ja v a 2s. c o m*/ // not in a cookie, or cookie is disabled - try the request params as a fallback (i.e. URL rewriting): id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME); if (id == null) { // try lowercase: id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase()); } if (id != null) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE, ShiroHttpServletRequest.URL_SESSION_ID_SOURCE); } } if (id != null) { request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id); // automatically mark it valid here. If it is invalid, the // onUnknownSession method below will be invoked and we'll remove the attribute at that time. request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE); } return id; }