Return-Path: <craigmcc@locus.apache.org>
Mailing-List: contact tomcat-dev-help@jakarta.apache.org; run by ezmlm
Delivered-To: mailing list tomcat-dev@jakarta.apache.org
Received: (qmail 2635 invoked by uid 500); 11 Nov 2000 02:07:03 -0000
Delivered-To: apmail-jakarta-tomcat-cvs@apache.org
Received: (qmail 2632 invoked by uid 1059); 11 Nov 2000 02:07:03 -0000
Date: 11 Nov 2000 02:07:03 -0000
Message-ID: <20001111020703.2631.qmail@locus.apache.org>
From: craigmcc@locus.apache.org
To: jakarta-tomcat-cvs@apache.org
Subject: cvs commit: jakarta-tomcat/src/share/org/apache/tomcat/session
 StandardSessionInterceptor.java

craigmcc    00/11/10 18:07:02

  Modified:    src/share/org/apache/tomcat/request Tag: tomcat_32
                        SessionInterceptor.java
               src/share/org/apache/tomcat/session Tag: tomcat_32
                        StandardSessionInterceptor.java
  Log:
  Migrate the handling of session id cookies from SessionInterceptor to
  StandardSessionInterceptor.
  
  When there are multiple session ID cookies, take the *first* one as the
  one that belongs to us, because of the rule in RFC 2109 that clients must
  specify such cookies with the most specific "path" attribute first.  This
  corresponds to the servlet spec rule that we take the longest prefix match
  when selecting which context will handle a particular request.  (This is
  slightly different than the original proposed behavior, and matches
  behavior just added in Tomcat 4.0 as well.)
  
  Submitted by: Paul Frieden <pfrieden@dChain.com>
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.24.2.2  +9 -40     jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java
  
  Index: SessionInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/request/SessionInterceptor.java,v
  retrieving revision 1.24.2.1
  retrieving revision 1.24.2.2
  diff -u -r1.24.2.1 -r1.24.2.2
  --- SessionInterceptor.java	2000/11/07 22:15:35	1.24.2.1
  +++ SessionInterceptor.java	2000/11/11 02:07:02	1.24.2.2
  @@ -82,7 +82,7 @@
       // GS, separates the session id from the jvm route
       static final char SESSIONID_ROUTE_SEP = '.';
       ContextManager cm;
  -    
  +
       public SessionInterceptor() {
       }
   
  @@ -109,51 +109,23 @@
   	int foundAt=-1;
   	String uri=request.getRequestURI();
   	String sessionId;
  -	
  +
   	if ((foundAt=uri.indexOf(sig))!=-1){
   	    sessionId=uri.substring(foundAt+sig.length());
   	    // I hope the optimizer does it's job:-)
   	    sessionId = fixSessionId( request, sessionId );
  -	    
  +
   	    // rewrite URL, do I need to do anything more?
   	    request.setRequestURI(uri.substring(0, foundAt));
   
   	    // No validate now - we just note that this is what the user
  -	    // requested. 
  +	    // requested.
   	    request.setSessionIdSource( Request.SESSIONID_FROM_URL);
   	    request.setRequestedSessionId( sessionId );
   	}
   	return 0;
       }
   
  -    /** This happens after context map, so we know the context.
  -     *  We can probably do it later too.
  -     */
  -    public int requestMap(Request request ) {
  -	String sessionId = null;
  -
  -	int count=request.getCookieCount();
  -	
  -	// Give priority to cookies. I don't know if that's part
  -	// of the spec - XXX
  -	for( int i=0; i<count; i++ ) {
  -	    Cookie cookie = request.getCookie(i);
  -	    
  -	    if (cookie.getName().equals("JSESSIONID")) {
  -		sessionId = cookie.getValue();
  -		sessionId = fixSessionId( request, sessionId );
  -
  -		// XXX what if we have multiple session cookies ?
  -		// right now only the first is used
  -		request.setRequestedSessionId( sessionId );
  -		request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE);
  -		break;
  -	    }
  -	}
  -
  - 	return 0;
  -    }
  -
       /** Fix the session id. If the session is not valid return null.
        *  It will also clean up the session from load-balancing strings.
        * @return sessionId, or null if not valid
  @@ -178,7 +150,7 @@
   	if( reqSessionId==null)
   	    return 0;
   
  -	
  +
           // GS, set the path attribute to the cookie. This way
           // multiple session cookies can be used, one for each
           // context.
  @@ -188,11 +160,9 @@
           }
   
           // GS, piggyback the jvm route on the session id.
  -        if(!sessionPath.equals("/")) {
  -            String jvmRoute = rrequest.getJvmRoute();
  -            if(null != jvmRoute) {
  -                reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
  -            }
  +        String jvmRoute = rrequest.getJvmRoute();
  +        if(null != jvmRoute) {
  +            reqSessionId = reqSessionId + SESSIONID_ROUTE_SEP + jvmRoute;
           }
   
   	Cookie cookie = new Cookie("JSESSIONID",
  @@ -206,10 +176,9 @@
       	cookie.setVersion(0);
   	response.addHeader( CookieTools.getCookieHeaderName(cookie),
   			    CookieTools.getCookieHeaderValue(cookie));
  -	
  +
       	return 0;
       }
   
   
   }
  -
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.5.2.1   +60 -42    jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java
  
  Index: StandardSessionInterceptor.java
  ===================================================================
  RCS file: /home/cvs/jakarta-tomcat/src/share/org/apache/tomcat/session/StandardSessionInterceptor.java,v
  retrieving revision 1.5
  retrieving revision 1.5.2.1
  diff -u -r1.5 -r1.5.2.1
  --- StandardSessionInterceptor.java	2000/06/20 19:22:54	1.5
  +++ StandardSessionInterceptor.java	2000/11/11 02:07:02	1.5.2.1
  @@ -3,7 +3,7 @@
    *
    * The Apache Software License, Version 1.1
    *
  - * Copyright (c) 1999 The Apache Software Foundation.  All rights 
  + * Copyright (c) 1999 The Apache Software Foundation.  All rights
    * reserved.
    *
    * Redistribution and use in source and binary forms, with or without
  @@ -11,7 +11,7 @@
    * are met:
    *
    * 1. Redistributions of source code must retain the above copyright
  - *    notice, this list of conditions and the following disclaimer. 
  + *    notice, this list of conditions and the following disclaimer.
    *
    * 2. Redistributions in binary form must reproduce the above copyright
    *    notice, this list of conditions and the following disclaimer in
  @@ -19,15 +19,15 @@
    *    distribution.
    *
    * 3. The end-user documentation included with the redistribution, if
  - *    any, must include the following acknowlegement:  
  - *       "This product includes software developed by the 
  + *    any, must include the following acknowlegement:
  + *       "This product includes software developed by the
    *        Apache Software Foundation (http://www.apache.org/)."
    *    Alternately, this acknowlegement may appear in the software itself,
    *    if and wherever such third-party acknowlegements normally appear.
    *
    * 4. The names "The Jakarta Project", "Tomcat", and "Apache Software
    *    Foundation" must not be used to endorse or promote products derived
  - *    from this software without prior written permission. For written 
  + *    from this software without prior written permission. For written
    *    permission, please contact apache@apache.org.
    *
    * 5. Products derived from this software may not be called "Apache"
  @@ -55,7 +55,7 @@
    *
    * [Additional notices, if required by prior licensing conditions]
    *
  - */ 
  + */
   
   
   package org.apache.tomcat.session;
  @@ -80,7 +80,7 @@
    * By using standard tomcat interceptor mechanisms you can plug in one or
    * many session managers per context or context manager ( or even per
    * URL - but that's not standard API feature ).
  - * 
  + *
    * It must be inserted after SessionInterceptor, which does common
    * session stuff ( cookie, rewrite, etc)
    *
  @@ -88,7 +88,8 @@
    */
   public final class StandardSessionInterceptor  extends BaseInterceptor {
       int manager_note;
  -    
  +    static final char SESSIONID_ROUTE_SEP = '.';
  +
       public StandardSessionInterceptor() {
       }
   
  @@ -109,52 +110,54 @@
   
       /**
        *  StandardManager will set the HttpSession if one is found.
  -     *  
  +     *
        */
       public int requestMap(Request request ) {
   	String sessionId = null;
  +	HttpSession sess = null;
   	Context ctx=request.getContext();
  +	StandardManager sM = getManager( ctx );
   	if( ctx==null ) {
   	    log( "Configuration error in StandardSessionInterceptor - no context " + request );
  -	    return 0;
   	}
   
  -	// "access" it and set HttpSession if valid
  -	sessionId=request.getRequestedSessionId();
   
  -	if (sessionId != null && sessionId.length()!=0) {
  -	    // GS, We are in a problem here, we may actually get
  -	    // multiple Session cookies (one for the root
  -	    // context and one for the real context... or old session
  -	    // cookie. We must check for validity in the current context.
  -	    StandardManager sM = getManager( ctx );    
  -	    HttpSession sess= sM.findSession( sessionId );
  -	    if(null != sess) {
  -		//		log( "Found session");
  -		// set it only if nobody else did !
  -		if( null == request.getSession( false ) ) {
  -		    request.setSession( sess );
  -		    //    log("Session set ");
  -		}
  -	    }
  -	    return 0;
  +	// PF, loop across all cookies named JSESSIONID checking to see if any of them are valid.
  +	// There should in most cases be a maximum of 2, and normally there will only be one. The
  +	// first valid session cookie is set as the session ID in the request.
  +	int count=request.getCookieCount();
  +	for( int i=0; i<count; i++ ) {
  +		Cookie cookie = request.getCookie(i);
  +
  +		if (cookie.getName().equals("JSESSIONID")) {
  +			sessionId = cookie.getValue();
  +			sessionId = fixSessionId( request, sessionId );
  +                        if (debug > 0) log("Found session id cookie " + sessionId);
  +                        request.setRequestedSessionId( sessionId );
  +                        request.setSessionIdSource( Request.SESSIONID_FROM_COOKIE );
  +                        sess = sM.findSession(sessionId);
  +                        if (sess != null)
  +                            request.setSession(sess);
  +                        break;
  +                }
  +
   	}
  -	//	log( "No session ");
  +
   	return 0;
       }
  -    
  +
       public void reload( Request req, Context ctx ) {
   	ClassLoader newLoader = ctx.getServletLoader().getClassLoader();
  -	StandardManager sM = getManager( ctx );    
  +	StandardManager sM = getManager( ctx );
   	sM.handleReload(req, newLoader);
       }
  -    
  +
       public int newSessionRequest( Request request, Response response) {
   	Context ctx=request.getContext();
   	if( ctx==null ) return 0;
  -	
  -	StandardManager sM = getManager( ctx );    
   
  +	StandardManager sM = getManager( ctx );
  +
   	if( request.getSession( false ) != null )
   	    return 0; // somebody already set the session
   	HttpSession newS=sM.getNewSession();
  @@ -169,26 +172,26 @@
        */
       public int postService(  Request rrequest, Response response ) {
   	Context ctx=rrequest.getContext();
  -	if( ctx==null ) return 0; 
  +	if( ctx==null ) return 0;
   
   	StandardManager sm= getManager( ctx );
   	HttpSession sess=rrequest.getSession(false);
   	if( sess == null ) return 0;
  -	
  +
   	sm.release( sess );
   	return 0;
       }
   
  +
   
  -    
       //--------------------  Tomcat context events --------------------
  -    
  -    /** Init session management stuff for this context. 
  +
  +    /** Init session management stuff for this context.
        */
       public void contextInit(Context ctx) throws TomcatException {
   	// Defaults !!
   	StandardManager sm= getManager( ctx );
  -	
  +
   	if( sm == null ) {
   	    sm=new StandardManager();
   	    setManager(ctx, sm);
  @@ -204,10 +207,10 @@
   	    throw new TomcatException( ex );
   	}
       }
  -    
  +
       /** Notification of context shutdown.
        *  We should clean up any resources that are used by our
  -     *  session management code. 
  +     *  session management code.
        */
       public void contextShutdown( Context ctx )
   	throws TomcatException
  @@ -221,4 +224,19 @@
   	    throw new TomcatException( ex );
   	}
       }
  +
  +    private String fixSessionId(Request request, String sessionId){
  +	// GS, We piggyback the JVM id on top of the session cookie
  +	// Separate them ...
  +
  +	if( debug>0 ) cm.log(" Orig sessionId  " + sessionId );
  +	if (null != sessionId) {
  +	    int idex = sessionId.lastIndexOf(SESSIONID_ROUTE_SEP);
  +	    if(idex > 0) {
  +		sessionId = sessionId.substring(0, idex);
  +	    }
  +	}
  +	return sessionId;
  +    }
  +
   }