er.extensions.appserver
Class ERXSession

java.lang.Object
  com.webobjects.appserver.WOSession
      er.extensions.appserver.ajax.ERXAjaxSession
          er.extensions.appserver.ERXSession

All Implemented Interfaces:

com.webobjects.foundation.NSKeyValueCoding, com.webobjects.foundation.NSKeyValueCoding.ErrorHandling, com.webobjects.foundation.NSKeyValueCodingAdditions, java.io.Serializable, java.lang.Cloneable

public class ERXSession
extends ERXAjaxSession
implements java.io.Serializable

The ERXSession aguments the regular WOSession object by adding a few nice additions. Of interest, notifications are now posted when a session when a session goes to sleep, David Neumann's browser backtracking detection has been added from his security framework, a somewhat comprehensive user-agent parsing is provided to know what type of browser is being used, flags have also been added to tell if javascript has been enabled, and enhanced localization support has been added.

See Also:

Serialized Form

Nested Class Summary

static class

ERXSession.Observer The Observer inner class encapsulates functions to handle various notifications.

Nested classes/interfaces inherited from interface com.webobjects.foundation.NSKeyValueCodingAdditions

com.webobjects.foundation.NSKeyValueCodingAdditions.DefaultImplementation, com.webobjects.foundation.NSKeyValueCodingAdditions.Utility

Nested classes/interfaces inherited from interface com.webobjects.foundation.NSKeyValueCoding

com.webobjects.foundation.NSKeyValueCoding._BooleanFieldBinding, com.webobjects.foundation.NSKeyValueCoding._BooleanMethodBinding, com.webobjects.foundation.NSKeyValueCoding._FieldBinding, com.webobjects.foundation.NSKeyValueCoding._ForwardingBinding, com.webobjects.foundation.NSKeyValueCoding._KeyBinding, com.webobjects.foundation.NSKeyValueCoding._KeyBindingCreation, com.webobjects.foundation.NSKeyValueCoding._MethodBinding, com.webobjects.foundation.NSKeyValueCoding._NumberFieldBinding, com.webobjects.foundation.NSKeyValueCoding._NumberMethodBinding, com.webobjects.foundation.NSKeyValueCoding._ReflectionKeyBindingCreation, com.webobjects.foundation.NSKeyValueCoding.ErrorHandling, com.webobjects.foundation.NSKeyValueCoding.Null, com.webobjects.foundation.NSKeyValueCoding.UnknownKeyException, com.webobjects.foundation.NSKeyValueCoding.ValueAccessor

Field Summary

protected com.webobjects.foundation.NSMutableDictionary	_debuggingStore holds a debugging store for a given session.
protected java.lang.Boolean	_didBacktrack flag to indicate if the user is currently backtracking, meaning they hit the back button and then clicked on a link.
protected java.lang.Boolean	_javaScriptEnabled flag for if java script is enabled
java.lang.String	_originalThreadName _originalThreadName holds the original name from the WorkerThread which is the value before executing awake()
static java.lang.String	JAVASCRIPT_ENABLED_COOKIE_NAME cookie name that if set it means that the user has cookies enabled
boolean	lastActionWasDA flag to indicate if the last action was a direct action
static org.apache.log4j.Logger	log logging support
static java.lang.String	SessionWillAwakeNotification Notification name that is posted after a session wakes up.
static java.lang.String	SessionWillSleepNotification Notification name that is posted when a session is about to sleep.

Fields inherited from class er.extensions.appserver.ajax.ERXAjaxSession

_permanentContextIDArray, _permanentPageCache, DONT_STORE_PAGE, FORCE_STORE_PAGE, PAGE_REPLACEMENT_CACHE_LOOKUP_KEY

Fields inherited from class com.webobjects.appserver.WOSession

_componentState, _httpSession, _httpSessionWatcher, SessionDidCreateNotification, SessionDidRestoreNotification, SessionDidTimeOutNotification

Fields inherited from interface com.webobjects.foundation.NSKeyValueCoding.ErrorHandling

_CLASS

Fields inherited from interface com.webobjects.foundation.NSKeyValueCodingAdditions

_CLASS, _KeyPathSeparatorChar, KeyPathSeparator

Fields inherited from interface com.webobjects.foundation.NSKeyValueCoding

NullValue

Constructor Summary

ERXSession()

ERXSession(java.lang.String sessionID)

Method Summary

void	_appendCookieToResponse(com.webobjects.appserver.WOResponse response)
com.webobjects.foundation.NSTimestamp	_birthDate()
void	_clearCookieFromResponse(com.webobjects.appserver.WOResponse response)
protected void	_convertSessionCookiesToSecure(com.webobjects.appserver.WOResponse response)
static com.webobjects.appserver.WOSession	anySession()
void	appendToResponse(com.webobjects.appserver.WOResponse aResponse, com.webobjects.appserver.WOContext aContext) Provides automatic encoding support for component action with messageEncoding object.
ERXApplication	application() Bringing application into KVC.
static boolean	autoAdjustTimeZone() If the property er.extensions.ERXSession.autoAdjustTimeZone=true then WOStrings and WOTextFields with dateFormat bindings will be have their formatter automatically adjusted for the selected session time zone.
com.webobjects.foundation.NSArray	availableLanguagesForTheApplication() Returns the NSArray of language names available for this application.
com.webobjects.foundation.NSArray	availableLanguagesForThisSession() Returns the NSArray of language names available for this particular session.
void	awake() Overridden to provide a few checks to see if javascript is enabled.
ERXBrowser	browser() Returns the browser object representing the web browser's "user-agent" string.
static java.lang.String	currentSessionID()
com.webobjects.foundation.NSMutableDictionary	debuggingStore() Simple mutable dictionary that can be used at runtime to stash objects that can be useful for debugging.
com.webobjects.eocontrol.EOEditingContext	defaultEditingContext() Ensures that the returned editingContext was created with the ERXEC factory.
boolean	didBacktrack() Method inspects the passed in request to see if the user backtracked.
boolean	javaScriptEnabled() Returns if this user has javascript enabled.
java.lang.String	language() Returns the primary language of the current session's localizer.
ERXLocalizer	localizer() Method to get the current localizer for this session.
ERXMessageEncoding	messageEncoding() Returns the message encoding of the current session.
com.webobjects.eocontrol.EOEditingContext	newDefaultEditingContext()
com.webobjects.foundation.NSKeyValueCodingAdditions	objectStore() This is a cover method which enables use of the session's object store which is usually access with setObjectForKey and objectForKey.
ERXSession.Observer	observer() returns the observer object for this session.
java.lang.String	requestsContextID(com.webobjects.appserver.WORequest aRequest) Utility method that gets the context ID string from the passed in request.
static ERXSession	session()
void	setDefaultEditingContext(com.webobjects.eocontrol.EOEditingContext ec)
void	setJavaScriptEnabled(boolean newValue) Sets if javascript is enabled for this session.
void	setLanguage(java.lang.String language) Cover method to set the current localizer to the localizer for that language.
void	setLanguages(com.webobjects.foundation.NSArray languageList) Sets the languages list for which the session is localized.
static void	setSession(ERXSession session)
void	setTimeZone(java.util.TimeZone timeZone)
void	sleep() Overridden to post the notification that the session will sleep.
void	takeValuesFromRequest(com.webobjects.appserver.WORequest aRequest, com.webobjects.appserver.WOContext aContext) Provides automatic encoding support for component action with messageEncoding object.
void	terminate() Overrides terminate to free up resources and unregister for notifications.
java.lang.String	threadName() override this method in order to provide a different name for the WorkerThread for this rr loop very useful for logging stuff: assign a log statement to a log entry.
java.util.TimeZone	timeZone()
java.lang.String	toString()
boolean	useSecureSessionCookies() Override and return true, or set er.extensions.ERXSession.useSecureSessionCookies if you want secure-only session and instance cookies.

Methods inherited from class er.extensions.appserver.ajax.ERXAjaxSession

_permanentPageCache, _permanentPageWithContextID, _saveCurrentPage, _shouldPutInPermanentCache, cleanPageReplacementCacheIfNecessary, cleanPageReplacementCacheIfNecessary, restorePageForContextID, savePage, savePageInPermanentCache

Methods inherited from class com.webobjects.appserver.WOSession

_allowToViewEvents, _allowToViewStatistics, _awakeInContext, _contextCounter, _contextDidIncrementContextID, _contextIDMatchingIDs, _formattedStatistics, _keyEnumerator, _lifeInMillis, _requestCounter, _setContext, _setHttpSession, _setHttpSessionWatcher, _setSessionID, _sleepInContext, _terminateByJ2EE, _terminateByTimeout, allowedToViewEvents, allowedToViewStatistics, canAccessFieldsDirectly, clone, context, debugString, domainForIDCookies, expirationDateForIDCookies, handleQueryWithUnboundKey, handleTakeValueForUnboundKey, invokeAction, isDistributionEnabled, isTerminating, languages, logString, objectForKey, removeObjectForKey, sessionID, setDistributionEnabled, setObjectForKey, setStoresIDsInCookies, setStoresIDsInURLs, setTimeOut, statistics, storesIDsInCookies, storesIDsInURLs, takeValueForKey, takeValueForKeyPath, timeOut, timeOutForIDCookies, timeOutMillis, unableToSetNullForKey, validateEventsLogin, validateStatisticsLogin, validationFailedWithException, valueForKey, valueForKeyPath

Methods inherited from class java.lang.Object

equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

Field Detail

log

public static final org.apache.log4j.Logger log

logging support

SessionWillAwakeNotification

public static final java.lang.String SessionWillAwakeNotification

Notification name that is posted after a session wakes up.

See Also:

Constant Field Values

SessionWillSleepNotification

public static final java.lang.String SessionWillSleepNotification

Notification name that is posted when a session is about to sleep.

See Also:

Constant Field Values

JAVASCRIPT_ENABLED_COOKIE_NAME

public static final java.lang.String JAVASCRIPT_ENABLED_COOKIE_NAME

cookie name that if set it means that the user has cookies enabled

See Also:

Constant Field Values

_javaScriptEnabled

protected java.lang.Boolean _javaScriptEnabled

flag for if java script is enabled

_debuggingStore

protected com.webobjects.foundation.NSMutableDictionary _debuggingStore

holds a debugging store for a given session.

_originalThreadName

public java.lang.String _originalThreadName

_originalThreadName holds the original name from the WorkerThread which is the value before executing awake()

_didBacktrack

protected java.lang.Boolean _didBacktrack

flag to indicate if the user is currently backtracking, meaning they hit the back button and then clicked on a link.

lastActionWasDA

public boolean lastActionWasDA

flag to indicate if the last action was a direct action

Constructor Detail

ERXSession

public ERXSession()

ERXSession

public ERXSession(java.lang.String sessionID)

Method Detail

observer

public ERXSession.Observer observer()

returns the observer object for this session. If it doesn't ever exist, one will be created.

Returns:

the observer

localizer

public ERXLocalizer localizer()

Method to get the current localizer for this session. If local instance variable is null then a localizer is fetched for the session's languages array. See ERXLocalizer for more information about using a localizer.

Returns:

the current localizer for this session

language

public java.lang.String language()

Returns the primary language of the current session's localizer. This method is just a cover for calling the method localizer().language().

Returns:

primary language

setLanguage

public void setLanguage(java.lang.String language)

Cover method to set the current localizer to the localizer for that language.

Also updates languages list with the new single language.

Parameters:

language - to set the current localizer for.

See Also:

language(), setLanguages(com.webobjects.foundation.NSArray)

setLanguages

public void setLanguages(com.webobjects.foundation.NSArray languageList)

Sets the languages list for which the session is localized. The ordering of language strings in the array determines the order in which the application will search .lproj directories for localized strings, images, and component definitions.

Also updates localizer and messageEncodings.

Overrides:

setLanguages in class com.webobjects.appserver.WOSession

Parameters:

languageList - the array of languages for the session

See Also:

language(), setLanguage(java.lang.String)

availableLanguagesForTheApplication

public com.webobjects.foundation.NSArray availableLanguagesForTheApplication()

Returns the NSArray of language names available for this application. This is simply a cover method of ERXLocalizer#availableLanguages, but will be convenient for binding to dynamic elements like language selector popup.

Returns:

NSArray of language name strings available for this application

See Also:

availableLanguagesForThisSession(), ERXLocalizer#availableLanguages

availableLanguagesForThisSession

public com.webobjects.foundation.NSArray availableLanguagesForThisSession()

Returns the NSArray of language names available for this particular session. The resulting array is an intersect of web browser's language array (ERXRequest#browserLanguages) and localizer's available language array (ERXLocalizer#availableLanguages).

Note that the order of the resulting language names is not defined at this morment.

Returns:

NSArray of language name strings available for this particular session

See Also:

availableLanguagesForTheApplication(), ERXRequest#browserLanguages, ERXLocalizer#availableLanguages

messageEncoding

public ERXMessageEncoding messageEncoding()

Returns the message encoding of the current session. If it's not already set up but no current language() available for the session, it creates one with the default encoding.

Returns:

message encoding object

browser

public ERXBrowser browser()

Returns the browser object representing the web browser's "user-agent" string. You can obtain browser name, version, platform and Mozilla version, etc. through this object.
Good for WOConditional's condition binding to deal with different browser versions.

Returns:

browser object

debuggingStore

public com.webobjects.foundation.NSMutableDictionary debuggingStore()

Simple mutable dictionary that can be used at runtime to stash objects that can be useful for debugging.

Returns:

debugging store dictionary

defaultEditingContext

public com.webobjects.eocontrol.EOEditingContext defaultEditingContext()

Ensures that the returned editingContext was created with the ERXEC factory.

Overrides:

defaultEditingContext in class com.webobjects.appserver.WOSession

Returns:

the session's default editing context with the default delegate set.

setDefaultEditingContext

public void setDefaultEditingContext(com.webobjects.eocontrol.EOEditingContext ec)

Overrides:

setDefaultEditingContext in class com.webobjects.appserver.WOSession

javaScriptEnabled

public boolean javaScriptEnabled()

Returns if this user has javascript enabled. This checks a form value "javaScript" and a cookie "js" if the value is 1.

Returns:

if js is enabled, defaults to true.

setJavaScriptEnabled

public void setJavaScriptEnabled(boolean newValue)

Sets if javascript is enabled for this session. crafty entry pages can set form values via javascript to test if it is enabled.

Parameters:

newValue - says if javascript is enabled

awake

public void awake()

Overridden to provide a few checks to see if javascript is enabled.

Overrides:

awake in class com.webobjects.appserver.WOSession

sleep

public void sleep()

Overridden to post the notification that the session will sleep.

Overrides:

sleep in class com.webobjects.appserver.WOSession

threadName

public java.lang.String threadName()

override this method in order to provide a different name for the WorkerThread for this rr loop very useful for logging stuff: assign a log statement to a log entry. Something useful could be: return session().sessionID() + valueForKeyPath("user.username");

requestsContextID

public java.lang.String requestsContextID(com.webobjects.appserver.WORequest aRequest)

Utility method that gets the context ID string from the passed in request.

Parameters:

aRequest - request to get the context id from

Returns:

the context id as a string

didBacktrack

public boolean didBacktrack()

Method inspects the passed in request to see if the user backtracked. If the context ID for the request is 2 clicks less than the context ID for the current WOContext, we know the backtracked.

Returns:

if the user has backtracked or not.

takeValuesFromRequest

public void takeValuesFromRequest(com.webobjects.appserver.WORequest aRequest,
                                  com.webobjects.appserver.WOContext aContext)

Provides automatic encoding support for component action with messageEncoding object.

Overrides:

takeValuesFromRequest in class com.webobjects.appserver.WOSession

Parameters:

aRequest - current request

aContext - current context

appendToResponse

public void appendToResponse(com.webobjects.appserver.WOResponse aResponse,
                             com.webobjects.appserver.WOContext aContext)

Provides automatic encoding support for component action with messageEncoding object.

Overrides:

appendToResponse in class com.webobjects.appserver.WOSession

Parameters:

aResponse - current response object

aContext - current context object

application

public ERXApplication application()

Bringing application into KVC.

terminate

public void terminate()

Overrides terminate to free up resources and unregister for notifications.

Overrides:

terminate in class com.webobjects.appserver.WOSession

objectStore

public com.webobjects.foundation.NSKeyValueCodingAdditions objectStore()

This is a cover method which enables use of the session's object store which is usually access with setObjectForKey and objectForKey. One can use this method with KVC, like for example in .wod bindings: myString: WOString { value = session.objectStore.myLastSearchResult.count; }

Returns:

an Object which implements KVC + KVC additions

_birthDate

public com.webobjects.foundation.NSTimestamp _birthDate()

Overrides:

_birthDate in class com.webobjects.appserver.WOSession

toString

public java.lang.String toString()

Overrides:

toString in class com.webobjects.appserver.WOSession

newDefaultEditingContext

public com.webobjects.eocontrol.EOEditingContext newDefaultEditingContext()

anySession

public static com.webobjects.appserver.WOSession anySession()

session

public static ERXSession session()

currentSessionID

public static java.lang.String currentSessionID()

setSession

public static void setSession(ERXSession session)

useSecureSessionCookies

public boolean useSecureSessionCookies()

Override and return true, or set er.extensions.ERXSession.useSecureSessionCookies if you want secure-only session and instance cookies. This prevents cookie hijacking man-in-the-middle attacks. If the cookies aren't set as secure only and an HTTP request is made, the cookies will be sent over HTTP. So if someone manages to do an HTTP injection that causes an HTTP request to be made, they can compromise your session id. For example, if you have a CMS on https://www.mycms.com and you set a session id, and I hack in and trick your site and manage to do an injection where i do an in the content, like I post in a comment and you don't strip out HTML tags. secure-only just gives you peace-of-mind. If you intended the cookies to only be behind HTTPS, secure-only makes it actually true and enforced. Note that to make this effective (and for sessions to work at all), your site must be behind HTTPS at all times. In development mode, you can disable secure mode (@see er.extensions.ERXRequest.isSecureDisabled) for running in direct-connect with this mode enabled.

Returns:

whether or not secure cookies are enabled

_convertSessionCookiesToSecure

protected void _convertSessionCookiesToSecure(com.webobjects.appserver.WOResponse response)

_appendCookieToResponse

public void _appendCookieToResponse(com.webobjects.appserver.WOResponse response)

Overrides:

_appendCookieToResponse in class com.webobjects.appserver.WOSession

_clearCookieFromResponse

public void _clearCookieFromResponse(com.webobjects.appserver.WOResponse response)

Overrides:

_clearCookieFromResponse in class com.webobjects.appserver.WOSession

timeZone

public java.util.TimeZone timeZone()

setTimeZone

public void setTimeZone(java.util.TimeZone timeZone)

autoAdjustTimeZone

public static boolean autoAdjustTimeZone()

If the property er.extensions.ERXSession.autoAdjustTimeZone=true then WOStrings and WOTextFields with dateFormat bindings will be have their formatter automatically adjusted for the selected session time zone.

Returns:

value of er.extensions.ERXSession.autoAdjustTimeZone property. Default is false.