Poco::OSP::Web

class WebSessionManager

File Information

Library: OSP/Web
Package: Web
Header: Poco/OSP/Web/WebSessionManager.h

Description

A WebSessionManager manages HTTP sessions using cookies.

The SessionManager is registered under the service name "osp.web.session".

Note that the application name (appName) specified in get() and create() can contain a domain name, separated by '@'. If a domain name is given, it is used to set the domain for the session cookie. Similarly, a path can be given, beginning with a slash.

For example, if the appName is sample@.appinf.com, then the browser will send the session cookie to all hosts with names in the appinf.com domain. If a domain is not given, the session cookie will only be available to the host that originally set it.
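The following added example (not part of the Poco sources, and not WebSessionManager's own parsing code) shows how the domain part of appName changes which hosts receive the session cookie, using RFC 6265 domain matching. The name[@domain][/path] layout, the CookieScope struct and the functions parseAppName and cookieSentTo are assumptions made for illustration; the host names other than the page's appinf.com are constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <iostream>
#include <string>

// Parts of an appName, assuming the form name[@domain][/path].
// An empty domain means a host-only cookie.
struct CookieScope { std::string name, domain, path; };

// Illustrative split of appName; not WebSessionManager's own parsing code.
CookieScope parseAppName(const std::string& appName)
{
    const auto npos = std::string::npos;
    const auto at = appName.find('@');
    const auto slash = appName.find('/', at == npos ? 0 : at);
    CookieScope scope;
    scope.name = appName.substr(0, std::min(at, slash));
    if (at != npos) scope.domain = appName.substr(at + 1, slash == npos ? npos : slash - at - 1);
    if (slash != npos) scope.path = appName.substr(slash);
    return scope;
}

std::string lower(std::string s)
{
    std::transform(s.begin(), s.end(), s.begin(), [](unsigned char c) { return static_cast<char>(std::tolower(c)); });
    return s;
}

// True if a browser would send the cookie to requestHost (RFC 6265 domain
// matching for host names; IP-address hosts are not handled here).
bool cookieSentTo(const CookieScope& scope, const std::string& setterHost, const std::string& requestHost)
{
    const std::string host = lower(requestHost);
    if (scope.domain.empty()) return host == lower(setterHost); // host-only
    std::string domain = lower(scope.domain);
    if (domain[0] == '.') domain.erase(0, 1); // a leading dot is ignored
    if (host == domain) return true;
    return host.size() > domain.size()
        && host.compare(host.size() - domain.size(), domain.size(), domain) == 0
        && host[host.size() - domain.size() - 1] == '.';
}

int main()
{
    const CookieScope wide = parseAppName("sample@.appinf.com");
    const CookieScope hostOnly = parseAppName("sample");
    for (const char* host : {"www.appinf.com", "docs.appinf.com", "www.example.org"})
        std::cout << host << " wide=" << cookieSentTo(wide, "www.appinf.com", host) << " host-only=" << cookieSentTo(hostOnly, "www.appinf.com", host) << "\n";
}
```

With a domain in appName, every host under that domain receives the session cookie, so the session is only as well protected as the least trusted host in that domain.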

Inheritance

Direct Base Classes: WebSessionService < Poco::Net::HTTPServerRequest >

All Base Classes: WebSessionService < Poco::Net::HTTPServerRequest >

Member Summary

Member Functions: addCSRFCookie, addSessionCookie, cookieDomain, cookieName, cookiePath, countSessions, create, createImpl, createToken, find, findById, findByIdImpl, findImpl, get, getCSRFCookie, getCookiePersistence, getDefaultDomain, getDefaultPath, getId, getSessionStore, isA, isAddressVerified, isCookieSecure, remove, removeForUser, removeImpl, setCSRFCookie, setCookiePersistence, setCookieSameSite, setCookieSecure, setDefaultDomain, setDefaultPath, setSessionStore, setVerifyAddress, type

Type Aliases

Ptr

using Ptr = Poco::AutoPtr < WebSessionManager >;

Enumerations

CookiePersistence

COOKIE_TRANSIENT = 1

Session cookies are transient (go away when browser is closed).

COOKIE_PERSISTENT = 2

Session cookies are persistent (kept in browser until they expire).

Constructors

WebSessionManager

explicit WebSessionManager(
    Poco::OSP::BundleContext::Ptr pContext
);

Creates the SessionManager without a WebSessionStore.

Destructor

~WebSessionManager

~WebSessionManager();

Destroys the SessionManager.

Member Functions

countSessions

std::size_t countSessions();

Returns the number of active sessions.

create

WebSession::Ptr create(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

find

WebSession::Ptr find(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request
);

findById

WebSession::Ptr findById(
    const std::string & sessionId
);

Returns the session with the given ID, or null if it does not exist.

get

WebSession::Ptr get(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

getCSRFCookie

const std::string & getCSRFCookie() const;

Returns the name of the CSRF cookie, if set, otherwise an empty string.

getCookiePersistence

CookiePersistence getCookiePersistence() const;

Returns the cookie persistence for the session and CSRF cookies.

getDefaultDomain

const std::string & getDefaultDomain() const;

Returns the default domain for the session cookie.

getDefaultPath

const std::string & getDefaultPath() const;

Returns the default path for the session cookie.

getSessionStore

WebSessionStore::Ptr getSessionStore() const;

Returns the WebSessionStore.

isA virtual

virtual bool isA(
    const std::type_info & otherType
) const;

isAddressVerified

bool isAddressVerified() const;

Returns true if the client IP address is verified against the address stored in the session.

isCookieSecure

bool isCookieSecure() const;

Returns true if the session cookie has the secure attribute set, otherwise false.

remove

void remove(
    WebSession::Ptr ptr
);

removeForUser

void removeForUser(
    const std::string & username
);

setCSRFCookie

void setCSRFCookie(
    const std::string & name
);

Sets the name of the CSRF/XSRF cookie.

If set, the CSRF token of the session will be stored in the cookie with the given name. This cookie is accessible from JavaScript and can be used to authenticate scripted HTTP requests (together with the session cookie).

setCookiePersistence

void setCookiePersistence(
    CookiePersistence persistence
);

Sets the cookie persistence, which controls whether session and CSRF cookies are transient (go away when the browser is closed) or persistent (default).

setCookieSameSite

void setCookieSameSite(
    Poco::Net::HTTPCookie::SameSite sameSite
);

Sets the SameSite attribute for the session cookie.

The default is Poco::Net::HTTPCookie::SAME_SITE_NOT_SPECIFIED.

setCookieSameSite

Poco::Net::HTTPCookie::SameSite setCookieSameSite() const;

Returns the SameSite attribute for the session cookie.

setCookieSecure

void setCookieSecure(
    bool secure
);

Sets the secure attribute of the session cookie.

If set to true, the browser will only send the cookie over HTTPS connections.

setDefaultDomain

void setDefaultDomain(
    const std::string & domain
);

Sets the default domain for the session cookie.

setDefaultPath

void setDefaultPath(
    const std::string & path
);

Sets the default path for the session cookie.

setSessionStore

void setSessionStore(
    WebSessionStore::Ptr pWebSessionStore
);

Sets the WebSessionStore.

setVerifyAddress

void setVerifyAddress(
    bool verify
);

Enables or disables verification of the client IP address against the address stored in the session.

type virtual

virtual const std::type_info & type() const;

addCSRFCookie protected

void addCSRFCookie(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    WebSession::Ptr ptrSes
);

addSessionCookie protected

void addSessionCookie(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    WebSession::Ptr ptrSes
);

cookieDomain protected

std::string cookieDomain(
    const std::string & appName
);

cookieName protected

std::string cookieName(
    const std::string & appName
);

cookiePath protected

std::string cookiePath(
    const std::string & appName
);

createImpl protected

WebSession::Ptr createImpl(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

createToken protected

std::string createToken(
    const Poco::Net::HTTPServerRequest & request
);

findByIdImpl protected

WebSession::Ptr findByIdImpl(
    const std::string & sessionId,
    BundleContext::Ptr pContext
);

findImpl protected

WebSession::Ptr findImpl(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    BundleContext::Ptr pContext
);

getId protected

std::string getId(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request
);

removeImpl protected

void removeImpl(
    WebSession::Ptr pSession
);

removeImpl protected

void removeImpl(
    const std::string & id
);

Variables

SERVICE_NAME static

static const std::string SERVICE_NAME;