ERXSession Class Reference
Inherits er::extensions::appserver::ajax::ERXAjaxSession, and java::io::Serializable.Inherited by Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, Session, and Session.
Classes | |
| class | Observer |
Public Member Functions | |
| void | _appendCookieToResponse (WOResponse response) |
| NSTimestamp | _birthDate () |
| void | _clearCookieFromResponse (WOResponse response) |
| void | appendToResponse (WOResponse aResponse, WOContext aContext) |
| ERXApplication | application () |
| NSArray | availableLanguagesForTheApplication () |
| NSArray | availableLanguagesForThisSession () |
| void | awake () |
| ERXBrowser | browser () |
| NSMutableDictionary | debuggingStore () |
| EOEditingContext | defaultEditingContext () |
| boolean | didBacktrack () |
| ERXSession (String sessionID) | |
| ERXSession () | |
| boolean | javaScriptEnabled () |
| String | language () |
| ERXLocalizer | localizer () |
| ERXMessageEncoding | messageEncoding () |
| EOEditingContext | newDefaultEditingContext () |
| NSKeyValueCodingAdditions | objectStore () |
| Observer | observer () |
| String | requestsContextID (WORequest aRequest) |
| void | setDefaultEditingContext (EOEditingContext ec) |
| void | setJavaScriptEnabled (boolean newValue) |
| void | setLanguage (String language) |
| void | setLanguages (NSArray languageList) |
| void | setTimeZone (TimeZone timeZone) |
| void | sleep () |
| void | takeValuesFromRequest (WORequest aRequest, WOContext aContext) |
| void | terminate () |
| String | threadName () |
| TimeZone | timeZone () |
| String | toString () |
| boolean | useSecureSessionCookies () |
Static Public Member Functions | |
| static WOSession | anySession () |
| static boolean | autoAdjustTimeZone () |
| static String | currentSessionID () |
| static ERXSession | session () |
| static void | setSession (ERXSession session) |
Public Attributes | |
| String | _originalThreadName |
| boolean | lastActionWasDA = false |
Static Public Attributes | |
| static final String | JAVASCRIPT_ENABLED_COOKIE_NAME = "js" |
| static final Logger | log = Logger.getLogger(ERXSession.class) |
| static final String | SessionWillAwakeNotification = "SessionWillAwakeNotification" |
| static final String | SessionWillSleepNotification = "SessionWillSleepNotification" |
Protected Member Functions | |
| void | _convertSessionCookiesToSecure (WOResponse response) |
Protected Attributes | |
| NSMutableDictionary | _debuggingStore |
| Boolean | _didBacktrack = null |
| Boolean | _javaScriptEnabled |
Private Member Functions | |
| void | readObject (ObjectInputStream stream) throws IOException, ClassNotFoundException |
| void | writeObject (ObjectOutputStream stream) throws IOException |
Private Attributes | |
| transient ERXBrowser | _browser |
| boolean | _editingContextWasCreated = false |
| transient ERXLocalizer | _localizer |
| ERXMessageEncoding | _messageEncoding |
| NSKeyValueCodingAdditions | _objectStore |
| transient Observer | _observer |
| String | _serializableLanguageName |
| TimeZone | _timeZone = TimeZone.getDefault() |
Static Private Attributes | |
| static Boolean | autoAdjustTimeZone |
Detailed Description
The ERXSession aguments the regular WOSession object by adding a few nice additions. Of interest, notifications are now posted when a session when a session goes to sleep, David Neumann's browser backtracking detection has been added from his security framework, a somewhat comprehensive user-agent parsing is provided to know what type of browser is being used, flags have also been added to tell if javascript has been enabled, and enhanced localization support has been added.Constructor & Destructor Documentation
| ERXSession | ( | ) |
| ERXSession | ( | String | sessionID | ) |
Member Function Documentation
| void _appendCookieToResponse | ( | WOResponse | response | ) |
| NSTimestamp _birthDate | ( | ) |
| void _clearCookieFromResponse | ( | WOResponse | response | ) |
| void _convertSessionCookiesToSecure | ( | WOResponse | response | ) | [protected] |
| static WOSession anySession | ( | ) | [static] |
| void appendToResponse | ( | WOResponse | aResponse, | |
| WOContext | aContext | |||
| ) |
| ERXApplication application | ( | ) |
Bringing application into KVC.
| static boolean autoAdjustTimeZone | ( | ) | [static] |
If the property er.extensions.ERXSession.autoAdjustTimeZone=true then WOStrings and WOTextFields with dateFormat bindings will be have their formatter automatically adjusted for the selected session time zone.
- Returns:
- value of er.extensions.ERXSession.autoAdjustTimeZone property. Default is false.
| NSArray availableLanguagesForTheApplication | ( | ) |
Returns the NSArray of language names available for this application. This is simply a cover method of ERXLocalizer#availableLanguages, but will be convenient for binding to dynamic elements like language selector popup.
- Returns:
- NSArray of language name strings available for this application
| NSArray availableLanguagesForThisSession | ( | ) |
Returns the NSArray of language names available for this particular session. The resulting array is an intersect of web browser's language array (ERXRequest#browserLanguages) and localizer's available language array (ERXLocalizer#availableLanguages).
Note that the order of the resulting language names is not defined at this morment.
- Returns:
- NSArray of language name strings available for this particular session
| void awake | ( | ) |
Overridden to provide a few checks to see if javascript is enabled.
Reimplemented in Session.
| ERXBrowser browser | ( | ) |
Returns the browser object representing the web browser's "user-agent" string. You can obtain browser name, version, platform and Mozilla version, etc. through this object.
Good for WOConditional's condition binding to deal with different browser versions.
- Returns:
- browser object
| static String currentSessionID | ( | ) | [static] |
| NSMutableDictionary debuggingStore | ( | ) |
Simple mutable dictionary that can be used at runtime to stash objects that can be useful for debugging.
- Returns:
- debugging store dictionary
| EOEditingContext defaultEditingContext | ( | ) |
Ensures that the returned editingContext was created with the ERXEC factory.
- Returns:
- the session's default editing context with the default delegate set.
| boolean didBacktrack | ( | ) |
Method inspects the passed in request to see if the user backtracked. If the context ID for the request is 2 clicks less than the context ID for the current WOContext, we know the backtracked.
- Returns:
- if the user has backtracked or not.
| boolean javaScriptEnabled | ( | ) |
Returns if this user has javascript enabled. This checks a form value "javaScript" and a cookie "js" if the value is 1.
- Returns:
- if js is enabled, defaults to true.
| String language | ( | ) |
Returns the primary language of the current session's localizer. This method is just a cover for calling the method localizer().language().
- Returns:
- primary language
| ERXLocalizer localizer | ( | ) |
Method to get the current localizer for this session. If local instance variable is null then a localizer is fetched for the session's languages array. See ERXLocalizer for more information about using a localizer.
- Returns:
- the current localizer for this session
| ERXMessageEncoding messageEncoding | ( | ) |
Returns the message encoding of the current session. If it's not already set up but no current language() available for the session, it creates one with the default encoding.
- Returns:
- message encoding object
| EOEditingContext newDefaultEditingContext | ( | ) |
| NSKeyValueCodingAdditions objectStore | ( | ) |
This is a cover method which enables use of the session's object store which is usually access with setObjectForKey and objectForKey. One can use this method with KVC, like for example in .wod bindings:
myString: WOString { value = session.objectStore.myLastSearchResult.count; }
- Returns:
- an Object which implements KVC + KVC additions
| Observer observer | ( | ) |
returns the observer object for this session. If it doesn't ever exist, one will be created.
- Returns:
- the observer
| void readObject | ( | ObjectInputStream | stream | ) | throws IOException, ClassNotFoundException [private] |
| String requestsContextID | ( | WORequest | aRequest | ) |
Utility method that gets the context ID string from the passed in request.
- Parameters:
-
aRequest request to get the context id from
- Returns:
- the context id as a string
| static ERXSession session | ( | ) | [static] |
| void setDefaultEditingContext | ( | EOEditingContext | ec | ) |
Reimplemented in Session.
| void setJavaScriptEnabled | ( | boolean | newValue | ) |
Sets if javascript is enabled for this session. crafty entry pages can set form values via javascript to test if it is enabled.
- Parameters:
-
newValue says if javascript is enabled
| void setLanguage | ( | String | language | ) |
Cover method to set the current localizer to the localizer for that language.
Also updates languages list with the new single language.
- Parameters:
-
language to set the current localizer for.
- See also:
- language
| void setLanguages | ( | NSArray | languageList | ) |
Sets the languages list for which the session is localized. The ordering of language strings in the array determines the order in which the application will search .lproj directories for localized strings, images, and component definitions.
Also updates localizer and messageEncodings.
- Parameters:
-
languageList the array of languages for the session
- See also:
- language
| static void setSession | ( | ERXSession | session | ) | [static] |
| void setTimeZone | ( | TimeZone | timeZone | ) |
| void sleep | ( | ) |
| void takeValuesFromRequest | ( | WORequest | aRequest, | |
| WOContext | aContext | |||
| ) |
Provides automatic encoding support for component action with messageEncoding object.
- Parameters:
-
aRequest current request aContext current context
Reimplemented in Session.
| void terminate | ( | ) |
Overrides terminate to free up resources and unregister for notifications.
| String threadName | ( | ) |
| TimeZone timeZone | ( | ) |
| String toString | ( | ) |
| boolean useSecureSessionCookies | ( | ) |
Override and return true, or set er.extensions.ERXSession.useSecureSessionCookies if you want secure-only session and instance cookies. This prevents cookie hijacking man-in-the-middle attacks. If the cookies aren't set as secure only and an HTTP request is made, the cookies will be sent over HTTP. So if someone manages to do an HTTP injection that causes an HTTP request to be made, they can compromise your session id. For example, if you have a CMS on https://www.mycms.com and you set a session id, and I hack in and trick your site and manage to do an injection where i do an
Note that to make this effective (and for sessions to work at all), your site must be behind HTTPS at all times. In development mode, you can disable secure mode (
- See also:
- er.extensions.ERXRequest.isSecureDisabled) for running in direct-connect with this mode enabled.
- Returns:
- whether or not secure cookies are enabled
| void writeObject | ( | ObjectOutputStream | stream | ) | throws IOException [private] |
Member Data Documentation
transient ERXBrowser _browser [private] |
holds a reference to the current browser used for this session
NSMutableDictionary _debuggingStore [protected] |
holds a debugging store for a given session.
Boolean _didBacktrack = null [protected] |
flag to indicate if the user is currently backtracking, meaning they hit the back button and then clicked on a link.
boolean _editingContextWasCreated = false [private] |
Boolean _javaScriptEnabled [protected] |
flag for if java script is enabled
transient ERXLocalizer _localizer [private] |
holds a reference to the current localizer used for this session
ERXMessageEncoding _messageEncoding [private] |
holds a reference to the current message encoding used for this session
NSKeyValueCodingAdditions _objectStore [private] |
_originalThreadName holds the original name from the WorkerThread which is the value before executing awake()
String _serializableLanguageName [private] |
special variable to hold language name only for when session object gets serialized. Do not use this value to get the language name; use language method instead.
TimeZone _timeZone = TimeZone.getDefault() [private] |
the default session timeZone
Boolean autoAdjustTimeZone [static, private] |
final String JAVASCRIPT_ENABLED_COOKIE_NAME = "js" [static] |
cookie name that if set it means that the user has cookies enabled
| boolean lastActionWasDA = false |
flag to indicate if the last action was a direct action
final Logger log = Logger.getLogger(ERXSession.class) [static] |
final String SessionWillAwakeNotification = "SessionWillAwakeNotification" [static] |
Notification name that is posted after a session wakes up.
final String SessionWillSleepNotification = "SessionWillSleepNotification" [static] |
Notification name that is posted when a session is about to sleep.
The documentation for this class was generated from the following file:
- /opt/source/Wonder/Frameworks/Core/ERExtensions/Sources/er/extensions/appserver/ERXSession.java
