Poco::OSP::Web

class WebSessionManager

Library: OSP/Web
Package: Web
Header: Poco/OSP/Web/WebSessionManager.h

Description

A WebSessionManager manages HTTP sessions using cookies.

The SessionManager is registered under the service name "osp.web.session".

Note that the application name (appName) specified in get() and create() can contain a domain name, separated by '@'. If a domain name is given, it is used to set the domain for the session cookie. Similarly, a path can be given, beginning with a slash.

For example, if the appName is sample@.appinf.com, then the browser will send the session cookie to all hosts with names in the appinf.com domain. If a domain is not given, the session cookie will only be available to the host that has originally set it.

Inheritance

Direct Base Classes: WebSessionService < Poco::Net::HTTPServerRequest >

All Base Classes: WebSessionService < Poco::Net::HTTPServerRequest >

Member Summary

Member Functions: addCSRFCookie, addSessionCookie, cookieDomain, cookieName, cookiePath, create, createSessionId, find, get, getCSRFCookie, getCookiePersistence, getDefaultDomain, getDefaultPath, getId, isA, isCookieSecure, remove, setCSRFCookie, setCookiePersistence, setCookieSecure, setDefaultDomain, setDefaultPath, type

Types

Ptr

typedef Poco::AutoPtr < WebSessionManager > Ptr;

Enumerations

CookiePersistence

COOKIE_TRANSIENT = 1

Session cookies are transient (go away when browser is closed).

COOKIE_PERSISTENT = 2

Session cookies are persistent (kept in browser until they expire).

Constructors

WebSessionManager

WebSessionManager();

Creates the SessionManager.

Destructor

~WebSessionManager

~WebSessionManager();

Destroys the SessionManager.

Member Functions

create

WebSession::Ptr create(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

find

WebSession::Ptr find(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request
);

get

WebSession::Ptr get(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

getCSRFCookie

const std::string & getCSRFCookie() const;

Returns the name of the CSRF cookie, if set, otherwise an empty string.

getCookiePersistence

CookiePersistence getCookiePersistence() const;

Returns the cookie persistence for the session and CSRF cookies.

getDefaultDomain

const std::string & getDefaultDomain() const;

Returns the default domain for the session cookie.

getDefaultPath

const std::string & getDefaultPath() const;

Returns the default path for the session cookie.

isA virtual

virtual bool isA(
    const std::type_info & otherType
) const;

isCookieSecure

bool isCookieSecure() const;

Returns true if the session cookie has the secure attribute set, otherwise false.

remove

void remove(
    WebSession::Ptr ptr
);

setCSRFCookie

void setCSRFCookie(
    const std::string & name
);

Sets the name of the CSRF/XSRF cookie.

If set, the CSRF token of the session will be stored in the cookie with the given name. This cookie is accessible from JavaScript and can be used to authenticate scripted HTTP requests (together with the session cookie).

setCookiePersistence

void setCookiePersistence(
    CookiePersistence persistence
);

Sets the cookie persistence, which controls whether session and CSRF cookies are transient (go away when the browser is closed) or persistent (default).

setCookieSecure

void setCookieSecure(
    bool secure
);

Sets the secure attribute of the session cookie.

If set to true, the browser will only send the cookie over HTTPS connections.

setDefaultDomain

void setDefaultDomain(
    const std::string & domain
);

Sets the default domain for the session cookie.

setDefaultPath

void setDefaultPath(
    const std::string & path
);

Sets the default path for the session cookie.

type virtual

virtual const std::type_info & type() const;

addCSRFCookie protected

void addCSRFCookie(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    WebSession::Ptr ptrSes
);

addSessionCookie protected

void addSessionCookie(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    WebSession::Ptr ptrSes
);

cookieDomain protected

std::string cookieDomain(
    const std::string & appName
);

cookieName protected

std::string cookieName(
    const std::string & appName
);

cookiePath protected

std::string cookiePath(
    const std::string & appName
);

createSessionId protected

std::string createSessionId(
    const Poco::Net::HTTPServerRequest & request
);

getId protected

std::string getId(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request
);

Variables

SERVICE_NAME static

static const std::string SERVICE_NAME;