/** * Replaces the underlying (Web)Session, invalidating the current one and creating a new one. By * calling {@link ISessionStore#invalidate(Request)} and {@link #bind()} * * If you are looking for a mean against session fixation attack, consider to use {@link #changeSessionId()}. */ public void replaceSession() { destroy(); bind(); }
/** * @see org.apache.wicket.page.IPageManagerContext#bind() */ @Override public void bind() { Session.get().bind(); }
/** * Replaces the underlying (Web)Session, invalidating the current one and creating a new one. By * calling {@link ISessionStore#invalidate(Request)} and {@link #bind()} * * If you are looking for a mean against session fixation attack, consider to use {@link #changeSessionId()}. */ public void replaceSession() { destroy(); bind(); }
/** * @see org.apache.wicket.page.IPageManagerContext#bind() */ @Override public void bind() { Session.get().bind(); }
/** * checks on existing session, if there isn't one it will be created. * * @param session current session to bind */ protected void assertBoundSession(Session session) { if (session.isTemporary()) { session.bind(); } }
/** * checks on existing session, if there isn't one it will be created. */ private void assertBoundSession() { Session session = Session.get(); if (session.isTemporary()) { session.bind(); } } }
/** * Bind the session if there are feedback messages pending. * https://issues.apache.org/jira/browse/WICKET-5165 */ private void bindSessionIfNeeded() { // check for session feedback messages only FeedbackCollector collector = new FeedbackCollector(); List<FeedbackMessage> feedbackMessages = collector.collect(); if (feedbackMessages.size() > 0) { Session.get().bind(); } }
/** * Bind the session if there are feedback messages pending. * https://issues.apache.org/jira/browse/WICKET-5165 */ private void bindSessionIfNeeded() { // check for session feedback messages only FeedbackCollector collector = new FeedbackCollector(); List<FeedbackMessage> feedbackMessages = collector.collect(); if (feedbackMessages.size() > 0) { Session.get().bind(); } }
public ScriptExecutor getScriptExecutor() { Session session = Session.get(); String sessionId = session.getId(); ScriptExecutor executor = sessionId!=null?scriptExecutorsCache.get(sessionId):null; if(executor==null) { executor = new ScriptExecutor(); if(session.isTemporary()) session.bind(); scriptExecutorsCache.put(sessionId, executor); } return executor; } }
/** {@inheritDoc} */ @Override public IRequestTarget resolve(RequestCycle rc, RequestParameters rp) { if (portConfig != null && portConfig.isPreferStateful()) { // we need to persist the session before a redirect to https so the session lasts across // both http and https calls. Session.get().bind(); } IRequestTarget target = super.resolve(rc, rp); return checkSecure(target); }
@Override public ICrypt newCrypt() { Session session = Session.get(); session.bind(); // retrieve or generate encryption key from session String key = session.getMetaData(KEY); if (key == null) { // generate new key key = session.getId() + "." + UUID.randomUUID().toString(); session.setMetaData(KEY, key); } // build the crypt based on session key ICrypt crypt = createCrypt(); crypt.setKey(key); return crypt; }
/** * Replaces the underlying (Web)Session, invalidating the current one and creating a new one. By * calling {@link ISessionStore#invalidate(Request)} and {@link #bind()} * <p> * Call upon login to protect against session fixation. * * @see "http://www.owasp.org/index.php/Session_Fixation" */ public void replaceSession() { getSessionStore().invalidate(RequestCycle.get().getRequest()); bind(); }
@Override public ICrypt newCrypt() { Session session = Session.get(); session.bind(); // retrieve or generate encryption key from session String key = session.getMetaData(KEY); if (key == null) { // generate new key key = session.getId() + "." + UUID.randomUUID().toString(); session.setMetaData(KEY, key); } // build the crypt based on session key ICrypt crypt = createCrypt(); crypt.setKey(key); return crypt; }
protected void onBeforeRender() { super.onBeforeRender(); // If any of the components on page is not stateless, we need to bind the session // before we start rendering components, as then jsessionid won't be appended // for links rendered before first stateful component if (getSession().isTemporary() && !isPageStateless()) { getSession().bind(); } }
@Override public void respond(IRequestCycle requestCycle) { String location = url; if (location.startsWith("/")) { // context-absolute url location = requestCycle.getUrlRenderer().renderContextRelativeUrl(location); } if (config.isPreferStateful()) { // we need to persist the session before a redirect to https so the session lasts // across both http and https calls. Session.get().bind(); } WebResponse response = (WebResponse)requestCycle.getResponse(); response.sendRedirect(location); } }
/** * Store the buffered response at application level. If current session is * temporary, a permanent one is created. * * @param url * @param response */ protected void storeBufferedResponse(Url url, BufferedWebResponse response) { if (isSessionTemporary()) { Session.get().bind(); } WebApplication.get().storeBufferedResponse(getSessionId(), url, response); }
/** * Store the buffered response at application level. If current session is * temporary, a permanent one is created. * * @param url * @param response */ protected void storeBufferedResponse(Url url, BufferedWebResponse response) { if (isSessionTemporary()) { Session.get().bind(); } WebApplication.get().storeBufferedResponse(getSessionId(), url, response); }
@Override protected void onBeforeRender() { // Make sure it is really empty renderedComponents = null; // rendering might remove or add stateful components, so clear flag to force reevaluation stateless = null; super.onBeforeRender(); // If any of the components on page is not stateless, we need to bind the session // before we start rendering components, as then jsessionid won't be appended // for links rendered before first stateful component if (getSession().isTemporary() && !peekPageStateless()) { getSession().bind(); } }
@Override protected void onBeforeRender() { // Make sure it is really empty renderedComponents = null; // rendering might remove or add stateful components, so clear flag to force reevaluation stateless = null; super.onBeforeRender(); // If any of the components on page is not stateless, we need to bind the session // before we start rendering components, as then jsessionid won't be appended // for links rendered before first stateful component if (getSession().isTemporary() && !peekPageStateless()) { getSession().bind(); } }
/** * * @see org.apache.wicket.Component#onBeforeRender() */ @Override protected void onBeforeRender() { super.onBeforeRender(); // If any of the components on page is not stateless, we need to bind the session // before we start rendering components, as then jsessionid won't be appended // for links rendered before first stateful component if (getSession().isTemporary() && !peekPageStateless()) { getSession().bind(); } }