Example usage for org.apache.shiro.web.servlet ShiroHttpSession DEFAULT_SESSION_ID_NAME

Introduction

In this page you can find the example usage for org.apache.shiro.web.servlet ShiroHttpSession DEFAULT_SESSION_ID_NAME.

Prototype

String DEFAULT_SESSION_ID_NAME

To view the source code for org.apache.shiro.web.servlet ShiroHttpSession DEFAULT_SESSION_ID_NAME.

Click Source Link

Usage

From source file:org.sonatype.nexus.security.StatelessAndStatefulWebSessionManager.java

License:Open Source License

private Serializable getReferencedSessionId(ServletRequest request, ServletResponse response) {

    String id = getSessionIdCookieValue(request, response);
    if (id != null) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                ShiroHttpServletRequest.COOKIE_SESSION_ID_SOURCE);
    } else {/*from   ww w.  j  ava2  s  .c  o m*/
        // not in a cookie, or cookie is disabled - try the request params as a fallback (i.e. URL rewriting):
        id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        if (id == null) {
            // try lowercase:
            id = request.getParameter(ShiroHttpSession.DEFAULT_SESSION_ID_NAME.toLowerCase());
        }
        if (id != null) {
            request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_SOURCE,
                    ShiroHttpServletRequest.URL_SESSION_ID_SOURCE);
        }
    }
    if (id != null) {
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID, id);
        // automatically mark it valid here. If it is invalid, the
        // onUnknownSession method below will be invoked and we'll remove the attribute at that time.
        request.setAttribute(ShiroHttpServletRequest.REFERENCED_SESSION_ID_IS_VALID, Boolean.TRUE);
    }
    return id;
}

---