interface SessionHandler : Handler<RoutingContext>
A handler that maintains an io.vertx.ext.web.Session for each browser session.
It looks up the session for each request based on a session cookie which contains a session ID. It stores the session when the response is ended in the session store.
The session is available on the routing context with RoutingContext#session().
The session handler requires a CookieHandler to be on the routing chain before it.
Author
Tim Fox
static val DEFAULT_COOKIE_HTTP_ONLY_FLAG: Boolean
Default of whether the cookie has the HttpOnly flag set. More info: https://www.owasp.org/index.php/HttpOnly

static val DEFAULT_COOKIE_SECURE_FLAG: Boolean
Default of whether the cookie has the 'secure' flag set to allow transmission over HTTPS only. More info: https://www.owasp.org/index.php/SecureFlag

static val DEFAULT_NAG_HTTPS: Boolean
Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS.

static val DEFAULT_SESSIONID_MIN_LENGTH: Int
Default min length for a session id. More info: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

static val DEFAULT_SESSION_COOKIE_NAME: String
Default name of session cookie.

static val DEFAULT_SESSION_TIMEOUT: Long
Default time, in ms, that a session lasts for without being accessed before expiring.

open static fun create(sessionStore: SessionStore): SessionHandler
Create a session handler.

abstract fun setCookieHttpOnlyFlag(httpOnly: Boolean): SessionHandler
Sets whether the 'HttpOnly' flag should be set for the session cookie. When set, this flag instructs browsers to prevent JavaScript access to the cookie. Used as a line of defence against the most common XSS attacks.

abstract fun setCookieSecureFlag(secure: Boolean): SessionHandler
Sets whether the 'secure' flag should be set for the session cookie. When set, this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).

abstract fun setMinLength(minLength: Int): SessionHandler
Set expected session id minimum length.

abstract fun setNagHttps(nag: Boolean): SessionHandler
Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS.

abstract fun setSessionCookieName(sessionCookieName: String): SessionHandler
Set the session cookie name.

abstract fun setSessionTimeout(timeout: Long): SessionHandler
Set the session timeout.
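
The setters above combined into one routing chain, as an added example that is not part of the original API documentation. The function name buildRouter, the production switch, the cookie name, the timeout value and the /visits route are assumptions made for illustration; LocalSessionStore is used as the store, and mounting the router on an HTTPS-enabled server is left to the caller.

```kotlin
import io.vertx.core.Vertx
import io.vertx.ext.web.Router
import io.vertx.ext.web.handler.CookieHandler
import io.vertx.ext.web.handler.SessionHandler
import io.vertx.ext.web.sstore.LocalSessionStore

// Illustrative values chosen for this example, not defaults taken from the page.
const val SESSION_COOKIE_NAME = "app.sid"
const val IDLE_TIMEOUT_MS = 15 * 60 * 1000L

// Hypothetical helper: builds a router whose session cookie is hardened.
fun buildRouter(vertx: Vertx, production: Boolean): Router {
    val router = Router.router(vertx)

    // SessionHandler requires a CookieHandler earlier on the routing chain.
    router.route().handler(CookieHandler.create())

    val sessions = SessionHandler.create(LocalSessionStore.create(vertx))
        // Keep page scripts from reading the session ID.
        .setCookieHttpOnlyFlag(true)
        // Secure cookies are not sent over plain HTTP, so a development
        // server without TLS needs this off or sessions stop working.
        .setCookieSecureFlag(production)
        // Keep the log warning on so plain-HTTP access stays visible.
        .setNagHttps(true)
        // Set the minimum length explicitly, using the documented default.
        .setMinLength(SessionHandler.DEFAULT_SESSIONID_MIN_LENGTH)
        .setSessionCookieName(SESSION_COOKIE_NAME)
        .setSessionTimeout(IDLE_TIMEOUT_MS)
    router.route().handler(sessions)

    // Routes registered after this point can use RoutingContext#session().
    router.get("/visits").handler { ctx ->
        val session = ctx.session()
        val visits = (session.get<Int>("visits") ?: 0) + 1
        session.put("visits", visits)
        ctx.response().end("visits=$visits")
    }
    return router
}
```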