/** * Adds a session version cookie to the response if necessary. */ private void addSessionVersionCookie(Request request, StandardContext context) { Map<String, String> sessionVersions = request.getSessionVersionsRequestAttribute(); if (sessionVersions != null) { Cookie cookie = new Cookie( Globals.SESSION_VERSION_COOKIE_NAME, RequestUtil.createSessionVersionString(sessionVersions)); request.configureSessionCookie(cookie); if (request.isRequestedSessionIdFromCookie()) { /* * Have the JSESSIONIDVERSION cookie inherit the * security setting of the JSESSIONID cookie to avoid * session loss when switching from HTTPS to HTTP, * see IT 7414 */ cookie.setSecure( request.isRequestedSessionIdFromSecureCookie()); } grizzlyResponse.addHeader(SET_COOKIE_HEADER, response.getCookieString(cookie)); } }
/** * Encode the session identifier associated with this response * into the specified URL, if necessary. * * @param url URL to be encoded */ public String encodeURL(String url) { String absolute = toAbsolute(url); if (isEncodeable(absolute)) { // W3c spec clearly said if (url.equalsIgnoreCase("")){ url = absolute; } else if (url.equals(absolute) && !hasPath(url)) { url += '/'; } String sessionVersion = null; Map<String, String> sessionVersions = request.getSessionVersionsRequestAttribute(); if (sessionVersions != null) { sessionVersion = RequestUtil.createSessionVersionString( sessionVersions); } return toEncoded(url, request.getSessionInternal().getIdInternal(), sessionVersion); } else { return url; } }
/** * Encode the session identifier associated with this response * into the specified redirect URL, if necessary. * * @param url URL to be encoded */ public String encodeRedirectURL(String url) { if (isEncodeable(toAbsolute(url))) { String sessionVersion = null; Map<String, String> sessionVersions = request.getSessionVersionsRequestAttribute(); if (sessionVersions != null) { sessionVersion = RequestUtil.createSessionVersionString( sessionVersions); } return toEncoded(url, request.getSessionInternal().getIdInternal(), sessionVersion); } else { return url; } }