Project Wonder 5.0

er.extensions.appserver
Class ERXSession

java.lang.Object
  extended by com.webobjects.appserver.WOSession
      extended by er.extensions.appserver.ajax.ERXAjaxSession
          extended by er.extensions.appserver.ERXSession
All Implemented Interfaces:
com.webobjects.foundation.NSKeyValueCoding, com.webobjects.foundation.NSKeyValueCoding.ErrorHandling, com.webobjects.foundation.NSKeyValueCodingAdditions, java.io.Serializable, java.lang.Cloneable

public class ERXSession
extends ERXAjaxSession
implements java.io.Serializable

The ERXSession augments the regular WOSession object by adding a few nice additions. Of interest, notifications are now posted when a session goes to sleep, David Neumann's browser backtracking detection has been added from his security framework, a somewhat comprehensive user-agent parsing is provided to know what type of browser is being used, flags have also been added to tell if JavaScript has been enabled, and enhanced localization support has been added.

See Also:
Serialized Form

Nested Class Summary
static class ERXSession.Observer
          The Observer inner class encapsulates functions to handle various notifications.
 
Nested classes/interfaces inherited from interface com.webobjects.foundation.NSKeyValueCodingAdditions
com.webobjects.foundation.NSKeyValueCodingAdditions.DefaultImplementation, com.webobjects.foundation.NSKeyValueCodingAdditions.Utility
 
Nested classes/interfaces inherited from interface com.webobjects.foundation.NSKeyValueCoding
com.webobjects.foundation.NSKeyValueCoding._BooleanFieldBinding, com.webobjects.foundation.NSKeyValueCoding._BooleanMethodBinding, com.webobjects.foundation.NSKeyValueCoding._FieldBinding, com.webobjects.foundation.NSKeyValueCoding._ForwardingBinding, com.webobjects.foundation.NSKeyValueCoding._KeyBinding, com.webobjects.foundation.NSKeyValueCoding._KeyBindingCreation, com.webobjects.foundation.NSKeyValueCoding._MethodBinding, com.webobjects.foundation.NSKeyValueCoding._NumberFieldBinding, com.webobjects.foundation.NSKeyValueCoding._NumberMethodBinding, com.webobjects.foundation.NSKeyValueCoding._ReflectionKeyBindingCreation, com.webobjects.foundation.NSKeyValueCoding.ErrorHandling, com.webobjects.foundation.NSKeyValueCoding.Null, com.webobjects.foundation.NSKeyValueCoding.UnknownKeyException, com.webobjects.foundation.NSKeyValueCoding.ValueAccessor
 
Field Summary
protected  com.webobjects.foundation.NSMutableDictionary _debuggingStore
          holds a debugging store for a given session.
protected  java.lang.Boolean _didBacktrack
          flag to indicate if the user is currently backtracking, meaning they hit the back button and then clicked on a link.
protected  java.lang.Boolean _javaScriptEnabled
          flag indicating whether JavaScript is enabled
 java.lang.String _originalThreadName
          _originalThreadName holds the original name from the WorkerThread which is the value before executing awake()
static java.lang.String JAVASCRIPT_ENABLED_COOKIE_NAME
          cookie name that, if set, means that the user has cookies enabled
 boolean lastActionWasDA
          flag to indicate if the last action was a direct action
static org.apache.log4j.Logger log
          logging support
static java.lang.String SessionWillAwakeNotification
          Notification name that is posted after a session wakes up.
static java.lang.String SessionWillSleepNotification
          Notification name that is posted when a session is about to sleep.
 
Fields inherited from class er.extensions.appserver.ajax.ERXAjaxSession
_permanentContextIDArray, _permanentPageCache, DONT_STORE_PAGE, FORCE_STORE_PAGE, PAGE_REPLACEMENT_CACHE_LOOKUP_KEY
 
Fields inherited from class com.webobjects.appserver.WOSession
_componentState, _httpSession, _httpSessionWatcher, SessionDidCreateNotification, SessionDidRestoreNotification, SessionDidTimeOutNotification
 
Fields inherited from interface com.webobjects.foundation.NSKeyValueCoding.ErrorHandling
_CLASS
 
Fields inherited from interface com.webobjects.foundation.NSKeyValueCodingAdditions
_CLASS, _KeyPathSeparatorChar, KeyPathSeparator
 
Fields inherited from interface com.webobjects.foundation.NSKeyValueCoding
NullValue
 
Constructor Summary
ERXSession()
           
ERXSession(java.lang.String sessionID)
           
 
Method Summary
 void _appendCookieToResponse(com.webobjects.appserver.WOResponse response)
           
 com.webobjects.foundation.NSTimestamp _birthDate()
           
 void _clearCookieFromResponse(com.webobjects.appserver.WOResponse response)
           
protected  void _convertSessionCookiesToSecure(com.webobjects.appserver.WOResponse response)
           
static com.webobjects.appserver.WOSession anySession()
           
 void appendToResponse(com.webobjects.appserver.WOResponse aResponse, com.webobjects.appserver.WOContext aContext)
          Provides automatic encoding support for component action with messageEncoding object.
 ERXApplication application()
          Bringing application into KVC.
static boolean autoAdjustTimeZone()
          If the property er.extensions.ERXSession.autoAdjustTimeZone=true then WOStrings and WOTextFields with dateFormat bindings will have their formatter automatically adjusted for the selected session time zone.
 com.webobjects.foundation.NSArray availableLanguagesForTheApplication()
          Returns the NSArray of language names available for this application.
 com.webobjects.foundation.NSArray availableLanguagesForThisSession()
          Returns the NSArray of language names available for this particular session.
 void awake()
          Overridden to provide a few checks to see if javascript is enabled.
 ERXBrowser browser()
          Returns the browser object representing the web browser's "user-agent" string.
static java.lang.String currentSessionID()
           
 com.webobjects.foundation.NSMutableDictionary debuggingStore()
          Simple mutable dictionary that can be used at runtime to stash objects that can be useful for debugging.
 com.webobjects.eocontrol.EOEditingContext defaultEditingContext()
          Ensures that the returned editingContext was created with the ERXEC factory.
 boolean didBacktrack()
          Method inspects the passed in request to see if the user backtracked.
 boolean javaScriptEnabled()
          Returns whether this user has JavaScript enabled.
 java.lang.String language()
          Returns the primary language of the current session's localizer.
 ERXLocalizer localizer()
          Method to get the current localizer for this session.
 ERXMessageEncoding messageEncoding()
          Returns the message encoding of the current session.
 com.webobjects.eocontrol.EOEditingContext newDefaultEditingContext()
           
 com.webobjects.foundation.NSKeyValueCodingAdditions objectStore()
          This is a cover method which enables use of the session's object store, which is usually accessed with setObjectForKey and objectForKey.
 ERXSession.Observer observer()
          returns the observer object for this session.
 java.lang.String requestsContextID(com.webobjects.appserver.WORequest aRequest)
          Utility method that gets the context ID string from the passed in request.
static ERXSession session()
           
 void setDefaultEditingContext(com.webobjects.eocontrol.EOEditingContext ec)
           
 void setJavaScriptEnabled(boolean newValue)
          Sets if javascript is enabled for this session.
 void setLanguage(java.lang.String language)
          Cover method to set the current localizer to the localizer for that language.
 void setLanguages(com.webobjects.foundation.NSArray languageList)
          Sets the languages list for which the session is localized.
static void setSession(ERXSession session)
           
 void setTimeZone(java.util.TimeZone timeZone)
           
 void sleep()
          Overridden to post the notification that the session will sleep.
 void takeValuesFromRequest(com.webobjects.appserver.WORequest aRequest, com.webobjects.appserver.WOContext aContext)
          Provides automatic encoding support for component action with messageEncoding object.
 void terminate()
          Overrides terminate to free up resources and unregister for notifications.
 java.lang.String threadName()
          Override this method in order to provide a different name for the WorkerThread for this request-response (RR) loop. Very useful for logging: assign a log statement to a log entry.
 java.util.TimeZone timeZone()
           
 java.lang.String toString()
           
 boolean useSecureSessionCookies()
          Override and return true, or set er.extensions.ERXSession.useSecureSessionCookies if you want secure-only session and instance cookies.
 
Methods inherited from class er.extensions.appserver.ajax.ERXAjaxSession
_permanentPageCache, _permanentPageWithContextID, _saveCurrentPage, _shouldPutInPermanentCache, cleanPageReplacementCacheIfNecessary, cleanPageReplacementCacheIfNecessary, restorePageForContextID, savePage, savePageInPermanentCache
 
Methods inherited from class com.webobjects.appserver.WOSession
_allowToViewEvents, _allowToViewStatistics, _awakeInContext, _contextCounter, _contextDidIncrementContextID, _contextIDMatchingIDs, _formattedStatistics, _keyEnumerator, _lifeInMillis, _requestCounter, _setContext, _setHttpSession, _setHttpSessionWatcher, _setSessionID, _sleepInContext, _terminateByJ2EE, _terminateByTimeout, allowedToViewEvents, allowedToViewStatistics, canAccessFieldsDirectly, clone, context, debugString, domainForIDCookies, expirationDateForIDCookies, handleQueryWithUnboundKey, handleTakeValueForUnboundKey, invokeAction, isDistributionEnabled, isTerminating, languages, logString, objectForKey, removeObjectForKey, sessionID, setDistributionEnabled, setObjectForKey, setStoresIDsInCookies, setStoresIDsInURLs, setTimeOut, statistics, storesIDsInCookies, storesIDsInURLs, takeValueForKey, takeValueForKeyPath, timeOut, timeOutForIDCookies, timeOutMillis, unableToSetNullForKey, validateEventsLogin, validateStatisticsLogin, validationFailedWithException, valueForKey, valueForKeyPath
 
Methods inherited from class java.lang.Object
equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Field Detail

log

public static final org.apache.log4j.Logger log
logging support


SessionWillAwakeNotification

public static final java.lang.String SessionWillAwakeNotification
Notification name that is posted after a session wakes up.

See Also:
Constant Field Values

SessionWillSleepNotification

public static final java.lang.String SessionWillSleepNotification
Notification name that is posted when a session is about to sleep.

See Also:
Constant Field Values

JAVASCRIPT_ENABLED_COOKIE_NAME

public static final java.lang.String JAVASCRIPT_ENABLED_COOKIE_NAME
cookie name that, if set, means that the user has cookies enabled

See Also:
Constant Field Values

_javaScriptEnabled

protected java.lang.Boolean _javaScriptEnabled
flag indicating whether JavaScript is enabled


_debuggingStore

protected com.webobjects.foundation.NSMutableDictionary _debuggingStore
holds a debugging store for a given session.


_originalThreadName

public java.lang.String _originalThreadName
_originalThreadName holds the original name from the WorkerThread which is the value before executing awake()


_didBacktrack

protected java.lang.Boolean _didBacktrack
flag to indicate if the user is currently backtracking, meaning they hit the back button and then clicked on a link.


lastActionWasDA

public boolean lastActionWasDA
flag to indicate if the last action was a direct action

Constructor Detail

ERXSession

public ERXSession()

ERXSession

public ERXSession(java.lang.String sessionID)
Method Detail

observer

public ERXSession.Observer observer()
Returns the observer object for this session. If one does not exist yet, it will be created.

Returns:
the observer

localizer

public ERXLocalizer localizer()
Method to get the current localizer for this session. If the local instance variable is null then a localizer is fetched for the session's languages array. See ERXLocalizer for more information about using a localizer.

Returns:
the current localizer for this session

language

public java.lang.String language()
Returns the primary language of the current session's localizer. This method is just a cover for calling the method localizer().language().

Returns:
primary language

setLanguage

public void setLanguage(java.lang.String language)
Cover method to set the current localizer to the localizer for that language.

Also updates languages list with the new single language.

Parameters:
language - to set the current localizer for.
See Also:
language(), setLanguages(com.webobjects.foundation.NSArray)

setLanguages

public void setLanguages(com.webobjects.foundation.NSArray languageList)
Sets the languages list for which the session is localized. The ordering of language strings in the array determines the order in which the application will search .lproj directories for localized strings, images, and component definitions.

Also updates localizer and messageEncodings.

Overrides:
setLanguages in class com.webobjects.appserver.WOSession
Parameters:
languageList - the array of languages for the session
See Also:
language(), setLanguage(java.lang.String)

availableLanguagesForTheApplication

public com.webobjects.foundation.NSArray availableLanguagesForTheApplication()
Returns the NSArray of language names available for this application. This is simply a cover method of ERXLocalizer#availableLanguages, but will be convenient for binding to dynamic elements like a language selector popup.

Returns:
NSArray of language name strings available for this application
See Also:
availableLanguagesForThisSession(), ERXLocalizer#availableLanguages

availableLanguagesForThisSession

public com.webobjects.foundation.NSArray availableLanguagesForThisSession()
Returns the NSArray of language names available for this particular session. The resulting array is the intersection of the web browser's language array (ERXRequest#browserLanguages) and the localizer's available language array (ERXLocalizer#availableLanguages).

Note that the order of the resulting language names is not defined at this moment.

Returns:
NSArray of language name strings available for this particular session
See Also:
availableLanguagesForTheApplication(), ERXRequest#browserLanguages, ERXLocalizer#availableLanguages

messageEncoding

public ERXMessageEncoding messageEncoding()
Returns the message encoding of the current session. If it's not already set up but no current language() is available for the session, it creates one with the default encoding.

Returns:
message encoding object

browser

public ERXBrowser browser()
Returns the browser object representing the web browser's "user-agent" string. You can obtain browser name, version, platform and Mozilla version, etc. through this object.
Good for WOConditional's condition binding to deal with different browser versions.

Returns:
browser object

debuggingStore

public com.webobjects.foundation.NSMutableDictionary debuggingStore()
Simple mutable dictionary that can be used at runtime to stash objects that can be useful for debugging.

Returns:
debugging store dictionary

defaultEditingContext

public com.webobjects.eocontrol.EOEditingContext defaultEditingContext()
Ensures that the returned editingContext was created with the ERXEC factory.

Overrides:
defaultEditingContext in class com.webobjects.appserver.WOSession
Returns:
the session's default editing context with the default delegate set.

setDefaultEditingContext

public void setDefaultEditingContext(com.webobjects.eocontrol.EOEditingContext ec)
Overrides:
setDefaultEditingContext in class com.webobjects.appserver.WOSession

javaScriptEnabled

public boolean javaScriptEnabled()
Returns whether this user has JavaScript enabled. This checks a form value "javaScript" and a cookie "js" for the value 1.

Returns:
if js is enabled, defaults to true.

setJavaScriptEnabled

public void setJavaScriptEnabled(boolean newValue)
Sets whether JavaScript is enabled for this session. Crafty entry pages can set form values via JavaScript to test if it is enabled.

Parameters:
newValue - says if javascript is enabled

awake

public void awake()
Overridden to provide a few checks to see if javascript is enabled.

Overrides:
awake in class com.webobjects.appserver.WOSession

sleep

public void sleep()
Overridden to post the notification that the session will sleep.

Overrides:
sleep in class com.webobjects.appserver.WOSession

threadName

public java.lang.String threadName()
Override this method in order to provide a different name for the WorkerThread for this request-response (RR) loop. Very useful for logging: assign a log statement to a log entry. Something useful could be: return session().sessionID() + valueForKeyPath("user.username");


requestsContextID

public java.lang.String requestsContextID(com.webobjects.appserver.WORequest aRequest)
Utility method that gets the context ID string from the passed in request.

Parameters:
aRequest - request to get the context id from
Returns:
the context id as a string

didBacktrack

public boolean didBacktrack()
Method inspects the passed-in request to see if the user backtracked. If the context ID for the request is 2 clicks less than the context ID for the current WOContext, we know the user backtracked.

Returns:
if the user has backtracked or not.

takeValuesFromRequest

public void takeValuesFromRequest(com.webobjects.appserver.WORequest aRequest,
                                  com.webobjects.appserver.WOContext aContext)
Provides automatic encoding support for component action with messageEncoding object.

Overrides:
takeValuesFromRequest in class com.webobjects.appserver.WOSession
Parameters:
aRequest - current request
aContext - current context

appendToResponse

public void appendToResponse(com.webobjects.appserver.WOResponse aResponse,
                             com.webobjects.appserver.WOContext aContext)
Provides automatic encoding support for component action with messageEncoding object.

Overrides:
appendToResponse in class com.webobjects.appserver.WOSession
Parameters:
aResponse - current response object
aContext - current context object

application

public ERXApplication application()
Bringing application into KVC.


terminate

public void terminate()
Overrides terminate to free up resources and unregister for notifications.

Overrides:
terminate in class com.webobjects.appserver.WOSession

objectStore

public com.webobjects.foundation.NSKeyValueCodingAdditions objectStore()
This is a cover method which enables use of the session's object store, which is usually accessed with setObjectForKey and objectForKey. One can use this method with KVC, for example in .wod bindings: myString: WOString { value = session.objectStore.myLastSearchResult.count; }

Returns:
an Object which implements KVC + KVC additions

_birthDate

public com.webobjects.foundation.NSTimestamp _birthDate()
Overrides:
_birthDate in class com.webobjects.appserver.WOSession

toString

public java.lang.String toString()
Overrides:
toString in class com.webobjects.appserver.WOSession

newDefaultEditingContext

public com.webobjects.eocontrol.EOEditingContext newDefaultEditingContext()

anySession

public static com.webobjects.appserver.WOSession anySession()

session

public static ERXSession session()

currentSessionID

public static java.lang.String currentSessionID()

setSession

public static void setSession(ERXSession session)

useSecureSessionCookies

public boolean useSecureSessionCookies()
Override and return true, or set er.extensions.ERXSession.useSecureSessionCookies if you want secure-only session and instance cookies. This prevents cookie hijacking man-in-the-middle attacks. If the cookies aren't set as secure-only and an HTTP request is made, the cookies will be sent over HTTP. So if someone manages to do an HTTP injection that causes an HTTP request to be made, they can compromise your session id. For example, say you have a CMS on https://www.mycms.com and you set a session id, and I hack in and trick your site and manage to inject markup into the content that causes an HTTP request to be made, like I post it in a comment and you don't strip out HTML tags. Secure-only just gives you peace of mind: if you intended the cookies to only be behind HTTPS, secure-only makes it actually true and enforced. Note that to make this effective (and for sessions to work at all), your site must be behind HTTPS at all times. In development mode, you can disable secure mode (@see er.extensions.ERXRequest.isSecureDisabled) for running in direct-connect with this mode enabled.

Returns:
whether or not secure cookies are enabled
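
The effect of this setting can be checked from the outside by inspecting the Set-Cookie headers the application emits. The following is an added example, not part of Project Wonder: a JDK-only check that reports session and instance cookies missing the Secure attribute. The cookie names wosid and woinst are assumed to be the WebObjects defaults, and the header values are constructed samples.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.List;
import java.util.Set;

/** Added example: flags session/instance cookies that lack the Secure attribute. */
public class SecureCookieAudit {

    // Assumption: WebObjects default cookie names for the session id and the
    // instance number. Adjust if the application overrides them.
    static final Set<String> SESSION_COOKIE_NAMES = Set.of("wosid", "woinst");

    /** Returns the cookie name from a Set-Cookie header value, or null if malformed. */
    static String cookieName(String setCookieValue) {
        String firstPair = setCookieValue.split(";", 2)[0];
        int eq = firstPair.indexOf('=');
        return eq <= 0 ? null : firstPair.substring(0, eq).trim();
    }

    /** True if the attribute list (everything after the first ';') contains Secure. */
    static boolean hasSecureAttribute(String setCookieValue) {
        String[] parts = setCookieValue.split(";");
        for (int i = 1; i < parts.length; i++) {
            // Compare the attribute name only, case-insensitively, so a cookie
            // *value* that happens to contain "secure" is never counted.
            String attr = parts[i].trim();
            int eq = attr.indexOf('=');
            String attrName = eq < 0 ? attr : attr.substring(0, eq).trim();
            if (attrName.equalsIgnoreCase("secure")) {
                return true;
            }
        }
        return false;
    }

    /** Returns the names of session cookies a browser would also send over plain HTTP. */
    static List<String> insecureSessionCookies(List<String> setCookieValues) {
        List<String> findings = new ArrayList<>();
        for (String value : setCookieValues) {
            String name = cookieName(value);
            if (name != null && SESSION_COOKIE_NAMES.contains(name)
                    && !hasSecureAttribute(value)) {
                findings.add(name);
            }
        }
        return findings;
    }

    public static void main(String[] args) {
        // Constructed sample header values (not captured from a real application).
        List<String> withoutSecure = Arrays.asList(
            "wosid=AbCdEfGh0123456789; version=\"1\"; path=/cgi-bin/WebObjects/CMS.woa",
            "woinst=1; version=\"1\"; path=/cgi-bin/WebObjects/CMS.woa",
            "theme=secure; path=/");
        List<String> withSecure = Arrays.asList(
            "wosid=AbCdEfGh0123456789; version=\"1\"; path=/cgi-bin/WebObjects/CMS.woa; secure",
            "woinst=1; version=\"1\"; path=/cgi-bin/WebObjects/CMS.woa; Secure");

        System.out.println("without secure-only: " + insecureSessionCookies(withoutSecure));
        System.out.println("with secure-only:    " + insecureSessionCookies(withSecure));
    }
}
```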

_convertSessionCookiesToSecure

protected void _convertSessionCookiesToSecure(com.webobjects.appserver.WOResponse response)

_appendCookieToResponse

public void _appendCookieToResponse(com.webobjects.appserver.WOResponse response)
Overrides:
_appendCookieToResponse in class com.webobjects.appserver.WOSession

_clearCookieFromResponse

public void _clearCookieFromResponse(com.webobjects.appserver.WOResponse response)
Overrides:
_clearCookieFromResponse in class com.webobjects.appserver.WOSession

timeZone

public java.util.TimeZone timeZone()

setTimeZone

public void setTimeZone(java.util.TimeZone timeZone)

autoAdjustTimeZone

public static boolean autoAdjustTimeZone()
If the property er.extensions.ERXSession.autoAdjustTimeZone=true then WOStrings and WOTextFields with dateFormat bindings will have their formatter automatically adjusted for the selected session time zone.

Returns:
value of er.extensions.ERXSession.autoAdjustTimeZone property. Default is false.

Last updated: Tue, Feb 21, 2017 • 05:45 PM CET

Copyright © 2002 – 2007 Project Wonder.