org.jwall.web.audit.session
Class CookieSessionTracker

java.lang.Object
  extended by org.jwall.web.audit.session.AbstractSessionTracker
      extended by org.jwall.web.audit.session.CookieSessionTracker
All Implemented Interfaces:
AuditEventListener, SessionTracker

public class CookieSessionTracker
extends AbstractSessionTracker

This tracker creates a session-context wrt to a specific session-cookie. Sessions are only created by events that contain a Set-Cookie header, thus this tracker is somewhat immune to session-fixation.

Author:
Christian Bockermann <chris@jwall.org>

Field Summary
 
Fields inherited from class org.jwall.web.audit.session.AbstractSessionTracker
activeSessions, sessionTimeOut, timedOutSessions, type
 
Constructor Summary
CookieSessionTracker(java.lang.String cookieName)
          This tracker creates sessions on behalf of a id sent in the request-cookie names cookieName.
 
Method Summary
 void expireSession(Session s)
          Expire the session as normally, but also remove the session-id from the valid-list.
 java.lang.String extractKey(AuditEvent evt)
          This method extracts the session-id that is sent in this event within the cookie, identified by sessionCookie.
 java.lang.String toString()
          This method returns a string of all events grouped by their session-id.
 
Methods inherited from class org.jwall.web.audit.session.AbstractSessionTracker
eventArrived, getSession, getSessions, getSessionTimeOut, isExpired, reset, setSessionTimeOut, setStrictSessions, usesStrictSessions
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
 

Constructor Detail

CookieSessionTracker

public CookieSessionTracker(java.lang.String cookieName)
This tracker creates sessions on behalf of a id sent in the request-cookie names cookieName.

Parameters:
cookieName - The name of the session-cookie.
Method Detail

extractKey

public java.lang.String extractKey(AuditEvent evt)
This method extracts the session-id that is sent in this event within the cookie, identified by sessionCookie.

Specified by:
extractKey in class AbstractSessionTracker
Parameters:
evt - The AuditEvent from which the session-id is to be extracted.
Returns:
The id of the session associated with this event.

expireSession

public void expireSession(Session s)
Expire the session as normally, but also remove the session-id from the valid-list.

Overrides:
expireSession in class AbstractSessionTracker
Parameters:
s - The session to expire.

toString

public java.lang.String toString()
Description copied from class: AbstractSessionTracker
This method returns a string of all events grouped by their session-id.

Overrides:
toString in class AbstractSessionTracker
Returns:
A string holding all sessions