/**
 * Reports whether a session may be created for this subject.
 * <p>
 * Two conditions must both hold: the inherited {@code super.isSessionCreationEnabled()}
 * setting must be {@code true}, and {@link WebUtils#_isSessionCreationEnabled(Object)}
 * must not report a request-specific override that turns sessions off for the
 * current request. If either condition fails, session creation is disabled.
 *
 * @return {@code true} if both the inherited setting and the request-level check allow
 *         session creation, {@code false} otherwise.
 * @since 1.2
 */
@Override
protected boolean isSessionCreationEnabled() {
    // The inherited switch is consulted first; when it is off the request-level
    // check is never evaluated (same short-circuit order as a plain '&&').
    if (!super.isSessionCreationEnabled()) {
        return false;
    }
    return WebUtils._isSessionCreationEnabled(this);
}
/**
 * Reports whether a session may be created for a subject-associated request.
 * <p>
 * <b>This method exists for Shiro's internal framework needs and should never be called by
 * Shiro end-users. It could be changed/removed at any time.</b>
 * <p>
 * The check is permissive by default: any argument that is not a {@link RequestPairSource}
 * (including {@code null}) yields {@code true}. Code that relies on a request-level
 * "no session creation" override must therefore pass an object that actually carries the
 * request, otherwise the override is never consulted.
 *
 * @param requestPairSource a {@link RequestPairSource} instance, almost always a
 *                          {@link org.apache.shiro.web.subject.WebSubject WebSubject} instance.
 * @return the result of the request-based overload when the argument is a
 *         {@link RequestPairSource}; {@code true} for every other argument.
 */
public static boolean _isSessionCreationEnabled(Object requestPairSource) {
    // No request is reachable from this object, so there is nothing to inspect:
    // fall back to the default, which allows session creation.
    if (!(requestPairSource instanceof RequestPairSource)) {
        return true;
    }
    // Delegate the decision to the overload that inspects the servlet request.
    return _isSessionCreationEnabled(((RequestPairSource) requestPairSource).getServletRequest());
}
return WebUtils._isSessionCreationEnabled(subject);
/**
 * Returns the session associated with this request, optionally creating one.
 * <p>
 * When {@code isHttpSessions()} is {@code true} the lookup is delegated to the superclass.
 * A new session is only requested from it after
 * {@link WebUtils#_isSessionCreationEnabled(Object)} has confirmed that creation is
 * allowed for this request (SHIRO-266). Otherwise the subject's session is used and
 * exposed through a {@link ShiroHttpSession} wrapper cached in {@code this.session}.
 *
 * @param create {@code true} to create a session when none exists yet.
 * @return the current session, or {@code null} if there is none and none was created.
 */
public HttpSession getSession(boolean create) {
    if (isHttpSessions()) {
        // Look up without creating first, so the creation guard below only runs
        // when a new session would actually be made.
        HttpSession containerSession = super.getSession(false);
        if (containerSession != null || !create) {
            return containerSession;
        }
        // Shiro 1.2: creation must be explicitly permitted for this request (SHIRO-266).
        if (!WebUtils._isSessionCreationEnabled(this)) {
            throw newNoSessionCreationException();
        }
        return super.getSession(create);
    }

    // NOTE(review): this branch does not consult WebUtils._isSessionCreationEnabled itself;
    // presumably the Subject enforces the restriction inside getSession(create) - confirm.
    boolean existing = getSubject().getSession(false) != null;
    if (this.session == null || !existing) {
        Session shiroSession = getSubject().getSession(create);
        if (shiroSession == null) {
            // No subject session is available: drop any cached wrapper.
            this.session = null;
        } else {
            this.session = new ShiroHttpSession(shiroSession, this, this.servletContext);
            if (!existing) {
                // Flag the request when the subject had no session before this call.
                setAttribute(REFERENCED_SESSION_IS_NEW, Boolean.TRUE);
            }
        }
    }
    return this.session;
}