@groovy.transform.CompileStatic class SessionHandler extends java.lang.Object
A handler that maintains a Session for each browser session.
It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.
The session is available on the routing context with .
The session handler requires a CookieHandler to be on the routing chain before it.
Constructor and description |
---|
SessionHandler(java.lang.Object delegate) |
Type | Name and description |
---|---|
static SessionHandler | create(SessionStore sessionStore) Create a session handler |
java.lang.Object | getDelegate() |
void | handle(RoutingContext arg0) |
SessionHandler | setCookieHttpOnlyFlag(boolean httpOnly) Sets whether the 'HttpOnly' flag should be set for the session cookie. |
SessionHandler | setCookieSecureFlag(boolean secure) Sets whether the 'secure' flag should be set for the session cookie. |
SessionHandler | setNagHttps(boolean nag) Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS |
SessionHandler | setSessionCookieName(java.lang.String sessionCookieName) Set the session cookie name |
SessionHandler | setSessionTimeout(long timeout) Set the session timeout |
Methods inherited from class | Name |
---|---|
class java.lang.Object | java.lang.Object#wait(long, int), java.lang.Object#wait(long), java.lang.Object#wait(), java.lang.Object#equals(java.lang.Object), java.lang.Object#toString(), java.lang.Object#hashCode(), java.lang.Object#getClass(), java.lang.Object#notify(), java.lang.Object#notifyAll() |
Create a session handler
sessionStore - the session store

Sets whether the 'HttpOnly' flag should be set for the session cookie. When set, this flag instructs browsers to prevent JavaScript access to the cookie. Used as a line of defence against the most common XSS attacks.
httpOnly - true to set the HttpOnly flag on the cookie

Sets whether the 'secure' flag should be set for the session cookie. When set, this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).
secure - true to set the secure flag on the cookie

Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS
nag - true to nag

Set the session cookie name
sessionCookieName - the session cookie name

Set the session timeout
timeout - the timeout, in ms.
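
The following is an added example, not code from this API page or from the project: a routing chain that places the CookieHandler before the SessionHandler and sets the cookie flags described above. The import package names, the `vertx` variable bound by the enclosing Groovy verticle script, the `servedOverHttps` switch, the cookie name `app.sid`, the `/visits` route and the 15 minute timeout are assumptions chosen for illustration.

```groovy
// Added example. Assumed: Vert.x 3.x Groovy package names and a `vertx`
// instance bound by the Groovy verticle script this runs in.
import io.vertx.groovy.ext.web.Router
import io.vertx.groovy.ext.web.handler.CookieHandler
import io.vertx.groovy.ext.web.handler.SessionHandler
import io.vertx.groovy.ext.web.sstore.LocalSessionStore

// Hypothetical switch: true when the router is attached to an HTTPS server.
// With the secure flag on, browsers do not return the cookie over plain
// HTTP, so sessions stop working in an HTTP-only development setup.
def servedOverHttps = true

def router = Router.router(vertx)

// The session handler reads the session ID from a cookie, so the
// CookieHandler has to sit earlier on the routing chain.
router.route().handler(CookieHandler.create())

def sessionHandler = SessionHandler.create(LocalSessionStore.create(vertx))
sessionHandler.setSessionCookieName("app.sid")      // constructed name
sessionHandler.setCookieHttpOnlyFlag(true)          // no script access to the cookie
sessionHandler.setCookieSecureFlag(servedOverHttps) // cookie sent over HTTPS only
sessionHandler.setNagHttps(true)                    // log a warning on plain-HTTP access
sessionHandler.setSessionTimeout(15 * 60 * 1000L)   // timeout is given in ms
router.route().handler(sessionHandler)

// Routes added after the session handler can use the session.
router.get("/visits").handler({ routingContext ->
  def session = routingContext.session()
  def visits = (session.get("visits") ?: 0) + 1
  session.put("visits", visits)
  routingContext.response().end("visits this session: ${visits}")
})
```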