  public io.undertow.server.session.Session createSession(
      HttpServerExchange exchange, SessionConfig config) {
    if (config == null) {
      throw UndertowMessages.MESSAGES.couldNotFindSessionCookieConfig();

    String id = config.findSessionId(exchange);

    if (id == null) {
      int attempts = 0;
      do {
        if (++attempts > MAX_SESSION_ID_GENERATION_ATTEMPTS) {
          throw UndertowMessages.MESSAGES.couldNotGenerateUniqueSessionId();
        id = this.manager.createIdentifier();
      } while (this.manager.containsSession(id));

      config.setSessionId(exchange, id);

    Batch batch = this.manager.getBatcher().createBatch();
    try {
      Session<LocalSessionContext> session = this.manager.createSession(id);
      io.undertow.server.session.Session adapter =
          new DistributableSession(this, session, config, batch);
      this.sessionListeners.sessionCreated(adapter, exchange);
      return adapter;
    } catch (RuntimeException | Error e) {
      throw e;
  public HttpSession getSession(
      final ServletContextImpl originalServletContext,
      final HttpServerExchange exchange,
      boolean create) {
    SessionConfig c = originalServletContext.getSessionConfig();
    ConvergedHttpSessionFacade httpSession = exchange.getAttachment(sessionAttachmentKey);
    if (httpSession != null && httpSession.isValidIntern()) {
      httpSession = null;
    if (httpSession == null) {
      final SessionManager sessionManager = context.getDeployment().getSessionManager();
      Session session = sessionManager.getSession(exchange, c);
      if (session != null) {
        httpSession =
                SecurityActions.forSession(session, this, false, sessionManager);
        exchange.putAttachment(sessionAttachmentKey, httpSession);
      } else if (create) {

        String existing = c.findSessionId(exchange);
        if (originalServletContext != this.context) {
          // this is a cross context request
          // we need to make sure there is a top level session
          originalServletContext.getSession(originalServletContext, exchange, true);
        } else if (existing != null) {
          c.clearSession(exchange, existing);

        final Session newSession = sessionManager.createSession(exchange, c);
        httpSession =
                SecurityActions.forSession(newSession, this, true, sessionManager);
        // call access after creation to set LastAccessTime at sipAppSession.
        // add delegate to InMemorySession to call sipAppSession.access(), when necessary:
        ((ConvergedInMemorySessionManager) sessionManager)
                newSession.getId(), httpSession.getConvergedSessionDelegate());

        exchange.putAttachment(sessionAttachmentKey, httpSession);
    return httpSession;
  public io.undertow.server.session.Session getSession(
      HttpServerExchange exchange, SessionConfig config) {
    String id = config.findSessionId(exchange);
    if (id == null) return null;

    Batch batch = this.manager.getBatcher().createBatch();
    try {
      Session<LocalSessionContext> session = this.manager.findSession(id);
      if (session == null) {
        return null;
      return new DistributableSession(this, session, config, batch);
    } catch (RuntimeException | Error e) {
      throw e;
Esempio n. 4
 /** Strips routing information from requested session identifier. */
 private String findSessionId(HttpServerExchange exchange, SessionConfig config) {
   String id = config.findSessionId(exchange);
   return this.config.getUseJK().booleanValue() ? this.parse(id).getKey() : id;