mod_servlet
C++Servlets
 All Classes Files Functions Variables Typedefs Macros Pages
Public Types | Public Member Functions | Protected Member Functions | Protected Attributes | List of all members
servlet::http_session Class Referenceabstract

Provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user. More...

#include <session.h>

Inheritance diagram for servlet::http_session:
servlet::any_map< _MapType >

Public Types

typedef
std::chrono::time_point
< std::chrono::system_clock,
typename
std::chrono::system_clock::duration > 		time_type
 Type to be returned with get_creation_time and get_last_accessed_time.
 
- Public Types inherited from servlet::any_map< _MapType >
typedef _MapType map_type
 Type definition for this map implementation.
 
typedef map_type::key_type key_type
 Container's key type.
 
typedef map_type::mapped_type mapped_type
 Container's mapped type.
 
typedef map_type::value_type value_type
 Container's value type: std::pair<const key_type, mapped_type>
 
typedef map_type::allocator_type allocator_type
 Container's allocator type.
 
typedef value_typereference
 value_type&
 
typedef const value_typeconst_reference
 const value_type&
 
typedef map_type::pointer pointer
 Pointer type to value_type.
 
typedef map_type::const_pointer const_pointer
 Constant pointer type to value_type.
 
typedef map_type::size_type size_type
 An unsigned integral type to represent the size of this container.
 
typedef map_type::difference_type difference_type
 A signed integral type to represent distance between iterators.
 
typedef map_type::iterator iterator
 Bidirectional iterator type.
 
typedef map_type::const_iterator const_iterator
 Bidirectional constant iterator type.
 
typedef map_type::reverse_iterator reverse_iterator
 Reverse iterator type.
 
typedef
map_type::const_reverse_iterator 		const_reverse_iterator
 Constant reverse iterator type.
 

Public Member Functions

const std::string & get_id () const
 Returns a string containing the unique identifier assigned to this session. More...
 
time_type get_creation_time () const
 Returns the time when this session was created as recorded by std::chrono::system_clock. More...
 
time_type get_last_accessed_time () const
 Returns the last time the client sent a request associated with this session, as recorded by std::chrono::system_clock, and marked by the time the container received the request. More...
 
bool is_new () const
 Returns true if the client does not yet know about the session or if the client chooses not to join the session. More...
 
void set_principal (principal *p)
 Set the authenticated principal that is associated with this session. More...
 
void set_principal (std::shared_ptr< principal > p)
 Set the authenticated principal that is associated with this session. More...
 
void set_principal (std::unique_ptr< principal > &&p)
 Set the authenticated principal that is associated with this session. More...
 
std::shared_ptr< principalget_principal () const
 Return the authenticated principal that is associated with this session. More...
 
- Public Member Functions inherited from servlet::any_map< _MapType >
 any_map ()=default
 Constructs an empty container, with no elements.
 
template<typename... Args>
 any_map (Args &&...args)
 Forwarding constructor. More...
 
 ~any_map ()=default
 Destroys the object.
 
template<typename... Args>
any_mapoperator= (Args &&...args)
 Forwarding assignment. More...
 
template<typename KeyType >
bool contains_key (const KeyType &key) const
 Tests whether value with a given key exists in this container. More...
 
template<typename T , typename KeyType >
optional_ref< const T > get (const KeyType &key) const
 Returns optional_ref object to a value with a specified type, if that value exists and can be casted to the requested type. More...
 
template<typename T , typename KeyType >
optional_ref< T > get (const KeyType &key)
 Returns optional_ref object to a value with a specified type, if that value exists and can be casted to the requested type. More...
 
template<typename T , typename... Args>
T & ensure_get (key_type &&key, Args &&...args)
 Returns reference to a value with a specified type, if that value exists and can be casted to the requested type. More...
 
template<typename T , typename... Args>
T & ensure_get (const key_type &key, Args &&...args)
 Returns reference to a value with a specified type, if that value exists and can be casted to the requested type. More...
 
template<typename T , typename... Args>
bool put (key_type &&key, Args &&...args)
 Associates a value of specified type created with a given arguments with the specified key in this map. More...
 
template<typename T , typename... Args>
bool put (const key_type &key, Args &&...args)
 Associates a value of specified type created with a given arguments with the specified key in this map. More...
 

Protected Member Functions

 http_session (const string_view &client_ip, const string_view &user_agent)
 Protected constructor. More...
 
virtual void validate (const string_view &client_ip, const string_view &user_agent)=0
 Validates client IP and user agent against this session ones. More...
 
virtual void reset_session_id ()
 Resets session_id for this session. More...
 

Protected Attributes

std::string _client_ip
 Client IP string.
 
std::string _user_agent
 User agent string.
 
bool _new = true
 New flag for this session. More...
 
time_type _last_accessed
 Last accessed timestamp. More...
 

Detailed Description

Provides a way to identify a user across more than one page request or visit to a Web site and to store information about that user.

The servlet container uses this interface to create a session between an HTTP client and an HTTP server. The session persists for a specified time period, across more than one connection or page request from the user. A session usually corresponds to one user, who may visit a site many times. The server can maintain a session in many ways such as using cookies or rewriting URLs.

This interface allows servlets to

  • View and manipulate information about a session, such as the session identifier, last accessed time
  • Bind objects to sessions, allowing user information to persist across multiple user connections

A servlet should be able to handle cases in which the client does not choose to join a session, such as when cookies are intentionally turned off. Until the client joins the session, is_new returns true. If the client chooses not to join the session, http_request::get_session will return a different session on each request, and is_new will always return true.

Session information is scoped only to the current web application (servlet_context), so information stored in one context will not be directly visible in another.

Constructor & Destructor Documentation

servlet::http_session::http_session ( const string_view &  client_ip,
const string_view &  user_agent 
)
protected

Protected constructor.

Parameters
client_ipClient IP for which this session is being created
user_agentUser agent for which this session is being created

Member Function Documentation

time_type servlet::http_session::get_creation_time ( ) const
inline

Returns the time when this session was created as recorded by std::chrono::system_clock.

Returns
a time_type specifying when this session was created.
const std::string& servlet::http_session::get_id ( ) const
inline

Returns a string containing the unique identifier assigned to this session.

The identifier is assigned by the servlet container and is implementation dependent.

Returns
a string specifying the identifier assigned to this session
time_type servlet::http_session::get_last_accessed_time ( ) const
inline

Returns the last time the client sent a request associated with this session, as recorded by std::chrono::system_clock, and marked by the time the container received the request.

Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time.

Returns
a time_type representing the last time the client sent a request associated with this session
std::shared_ptr<principal> servlet::http_session::get_principal ( ) const
inline

Return the authenticated principal that is associated with this session.

This provides an authenticator with a means to cache a previously authenticated principal, and avoid potentially expensive authenticate calls on every request.

Returns
principal associated with this session or empty std::shared_ptr.
bool servlet::http_session::is_new ( ) const
inline

Returns true if the client does not yet know about the session or if the client chooses not to join the session.

For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request.

Returns
true if the server has created a session, but the client has not yet joined
virtual void servlet::http_session::reset_session_id ( )
protectedvirtual

Resets session_id for this session.

This method can be used if generated random session_id already taken by other session.

void servlet::http_session::set_principal ( principal p)
inline

Set the authenticated principal that is associated with this session.

This provides an authenticator with a means to cache a previously authenticated principal, and avoid potentially expensive authenticate calls on every request.

Parameters
pThe new principal, or nullptr if none.
void servlet::http_session::set_principal ( std::shared_ptr< principal p)
inline

Set the authenticated principal that is associated with this session.

This is a std::shared_ptr version of call set_principal(principal*)

Parameters
pstd::shared_ptr to the new principal.
See Also
set_principal(principal*)
void servlet::http_session::set_principal ( std::unique_ptr< principal > &&  p)
inline

Set the authenticated principal that is associated with this session.

This is a std::unique_ptr version of call set_principal(principal*)

Parameters
pstd::unique_ptr to the new principal.
See Also
set_principal(principal*)
virtual void servlet::http_session::validate ( const string_view &  client_ip,
const string_view &  user_agent 
)
protectedpure virtual

Validates client IP and user agent against this session ones.

This method compares client IP and user agent of the client which requests this session and if they don't match stack_security_exception is thrown

Parameters
client_ipClient IP to validate
user_agentUser agent to validate
Exceptions
stack_security_exceptionif client IP of user agent don't match

Member Data Documentation

time_type servlet::http_session::_last_accessed
protected

Last accessed timestamp.

Updated on validation.

See Also
get_last_accessed_time
bool servlet::http_session::_new = true
protected

New flag for this session.

See Also
is_new
The documentation for this class was generated from the following file: