Class Poco::OSP::Web::WebSessionManager

File Information

Library: OSP/Web
Package: Web
Header: Poco/OSP/Web/WebSessionManager.h

Description

A WebSessionManager manages HTTP sessions using cookies.

The SessionManager is registered under the service name "osp.web.session".

Note that the application name (appName) specified in get() and create() can contain a domain name, separated by '@'. If a domain name is given, it is used to set the domain for the session cookie. Similarly, a path can be given, beginning with a slash.

For example, if the appName is sample@.appinf.com, then the browser will send the session cookie to all hosts with names in the appinf.com domain. If a domain is not given, the session cookie will only be available to the host that has originally set it.

Inheritance

Direct Base Classes: WebSessionService < Poco::Net::HTTPServerRequest >

All Base Classes: WebSessionService < Poco::Net::HTTPServerRequest >

Member Summary

Member Functions: addCSRFCookie, addSessionCookie, cookieDomain, cookieName, cookiePath, countSessions, create, createImpl, createToken, find, findById, findByIdImpl, findImpl, get, getCSRFCookie, getCookiePersistence, getDefaultDomain, getDefaultPath, getId, getSessionStore, isA, isAddressVerified, isCookieSecure, remove, removeForUser, removeImpl, setCSRFCookie, setCookiePersistence, setCookieSameSite, setCookieSecure, setDefaultDomain, setDefaultPath, setSessionStore, setVerifyAddress, type

Types Aliases

Ptr

using Ptr = Poco::AutoPtr < WebSessionManager >;

Enumerations

CookiePersistence

COOKIE_TRANSIENT = 1

Session cookies are transient (go away when browser is closed).

COOKIE_PERSISTENT = 2

Session cookies are persistent (kept in browser until they expire).

Constructors

WebSessionManager

explicit WebSessionManager(
Poco::OSP::BundleContext::Ptr pContext
);

Creates the SessionManager without a WebSessionStore.

Destructor

~WebSessionManager

~WebSessionManager();

Destroys the SessionManager.

Member Functions

countSessions

std::size_t countSessions();

Returns the number of active sessions.

create

WebSession::Ptr create(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

find

WebSession::Ptr find(
const std::string & appName,
const Poco::Net::HTTPServerRequest & request
);

findById

WebSession::Ptr findById(
const std::string & sessionId
);

Returns the session with the given ID, or null if it does not exist.

get

WebSession::Ptr get(
    const std::string & appName,
    const Poco::Net::HTTPServerRequest & request,
    int expireSeconds,
    BundleContext::Ptr pContext
);

getCSRFCookie

const std::string & getCSRFCookie() const;

Returns the name of the CSRF cookie, if set, otherwise an empty string.

getCookiePersistence

CookiePersistence getCookiePersistence() const;

Returns the cookie persistence for the session and CSRF cookies.

getDefaultDomain

const std::string & getDefaultDomain() const;

Returns the default domain for the session cookie.

getDefaultPath

const std::string & getDefaultPath() const;

Returns the default path for the session cookie.

getSessionStore

WebSessionStore::Ptr getSessionStore() const;

Returns the WebSessionStore.

isA

virtual bool isA(
const std::type_info & otherType
) const;

isAddressVerified

bool isAddressVerified() const;

Returns true if the client IP address is verified against the address stored in the session.

isCookieSecure

bool isCookieSecure() const;

Returns true if the session cookie has the secure attribute set, otherwise false.

remove

void remove(
WebSession::Ptr ptr
);

removeForUser

void removeForUser(
const std::string & username
);

setCSRFCookie

void setCSRFCookie(
const std::string & name
);

Sets the name of the CSRF/XSRF cookie.

If set, the CSRF token of the session will be stored in the cookie with the given name. This cookie is accessible from JavaScript and can be used to authenticate scripted HTTP requests (together with the session cookie).

setCookiePersistence

void setCookiePersistence(
CookiePersistence persistence
);

Sets the cookie persistence, which controls whether session and CSRF cookies are transient (go away when the browser is closed) or persistent (default).