SessionHandler

interface SessionHandler : Handler<RoutingContext>

A handler that maintains an io.vertx.ext.web.Session for each browser session.

It looks up the session for each request based on a session cookie which contains a session ID. When the response is ended, it stores the session in the session store.

The session is available on the routing context with RoutingContext#session().

The session handler requires a CookieHandler to be on the routing chain before it.

Author
Tim Fox

Properties

DEFAULT_COOKIE_HTTP_ONLY_FLAG

static val DEFAULT_COOKIE_HTTP_ONLY_FLAG: Boolean

Default of whether the cookie has the HttpOnly flag set. More info: https://www.owasp.org/index.php/HttpOnly

DEFAULT_COOKIE_SECURE_FLAG

static val DEFAULT_COOKIE_SECURE_FLAG: Boolean

Default of whether the cookie has the 'secure' flag set to allow transmission over https only. More info: https://www.owasp.org/index.php/SecureFlag

DEFAULT_NAG_HTTPS

static val DEFAULT_NAG_HTTPS: Boolean

Default of whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS.

DEFAULT_SESSIONID_MIN_LENGTH

static val DEFAULT_SESSIONID_MIN_LENGTH: Int

Default min length for a session id. More info: https://www.owasp.org/index.php/Session_Management_Cheat_Sheet

DEFAULT_SESSION_COOKIE_NAME

static val DEFAULT_SESSION_COOKIE_NAME: String

Default name of session cookie

DEFAULT_SESSION_TIMEOUT

static val DEFAULT_SESSION_TIMEOUT: Long

Default time, in ms, that a session lasts for without being accessed before expiring.

Functions

create

open static fun create(sessionStore: SessionStore): SessionHandler

Create a session handler

setCookieHttpOnlyFlag

abstract fun setCookieHttpOnlyFlag(httpOnly: Boolean): SessionHandler

Sets whether the 'HttpOnly' flag should be set for the session cookie. When set, this flag instructs browsers to prevent JavaScript access to the cookie. Used as a line of defence against the most common XSS attacks.

setCookieSecureFlag

abstract fun setCookieSecureFlag(secure: Boolean): SessionHandler

Sets whether the 'secure' flag should be set for the session cookie. When set, this flag instructs browsers to only send the cookie over HTTPS. Note that this will probably stop your sessions working if used without HTTPS (e.g. in development).

setMinLength

abstract fun setMinLength(minLength: Int): SessionHandler

Set expected session id minimum length.

setNagHttps

abstract fun setNagHttps(nag: Boolean): SessionHandler

Set whether a nagging log warning should be written if the session handler is accessed over HTTP, not HTTPS.

setSessionCookieName

abstract fun setSessionCookieName(sessionCookieName: String): SessionHandler

Set the session cookie name

setSessionTimeout

abstract fun setSessionTimeout(timeout: Long): SessionHandler

Set the session timeout
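
A hardened configuration built from the setters documented above, as an added Kotlin example that is not part of the Vert.x documentation. It assumes Vert.x Web 3.x (the release line that still has CookieHandler and Router#accept); LocalSessionStore, the APP_DEV_MODE variable, the cookie name, the keystore path and password, the ports and the numeric values are assumptions chosen for illustration.

```kotlin
import io.vertx.core.Vertx
import io.vertx.core.http.HttpServerOptions
import io.vertx.core.net.JksOptions
import io.vertx.ext.web.Router
import io.vertx.ext.web.handler.CookieHandler
import io.vertx.ext.web.handler.SessionHandler
import io.vertx.ext.web.sstore.LocalSessionStore

// Hypothetical switch: true only for local development over plain HTTP.
val devMode = System.getenv("APP_DEV_MODE") == "true"

fun buildRouter(vertx: Vertx): Router {
    val router = Router.router(vertx)
    // The session handler needs a CookieHandler earlier on the routing chain.
    router.route().handler(CookieHandler.create())

    val sessions = SessionHandler.create(LocalSessionStore.create(vertx))
        .setCookieHttpOnlyFlag(true)        // keep the cookie out of reach of page scripts
        .setCookieSecureFlag(!devMode)      // HTTPS only; off in dev, or sessions break over HTTP
        .setNagHttps(true)                  // log a warning when reached over plain HTTP
        .setMinLength(32)                   // constructed value for the expected id length
        .setSessionCookieName("app.sid")    // constructed cookie name
        .setSessionTimeout(15 * 60 * 1000L) // 15 minutes without access, in ms
    router.route().handler(sessions)

    // Per-session visit counter, read and written through RoutingContext#session().
    router.get("/visits").handler { ctx ->
        val session = ctx.session()
        val visits = (session.get<Int?>("visits") ?: 0) + 1
        session.put("visits", visits)
        ctx.response().end("visits=$visits")
    }
    return router
}

fun main() {
    val vertx = Vertx.vertx()
    val router = buildRouter(vertx)
    val options = HttpServerOptions()
    if (!devMode) {
        // Placeholder keystore path and password; supply your own.
        options.setSsl(true).setKeyStoreOptions(
            JksOptions().setPath("server-keystore.jks").setPassword("changeit"))
    }
    // Router#accept is the Vert.x Web 3.x entry point (assumed version).
    vertx.createHttpServer(options)
        .requestHandler { req -> router.accept(req) }
        .listen(if (devMode) 8080 else 8443)
}
```

With the secure flag on, a request that arrives over plain HTTP will not carry the session cookie, so each such request gets a fresh session; the nag warning in the log is the signal to look for.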