@Override public void start() throws Exception { Router router = Router.router(vertx); router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(LocalSessionStore.create(vertx))); router.route().handler(routingContext -> { Session session = routingContext.session(); Integer cnt = session.get("hitcount"); cnt = (cnt == null ? 0 : cnt) + 1; session.put("hitcount", cnt); routingContext.response().putHeader("content-type", "text/html") .end("<html><body><h1>Hitcount: " + cnt + "</h1></body></html>"); }); vertx.createHttpServer().requestHandler(router).listen(8080); } }
@Test public void testSessionCookieSecureFlagAndHttpOnlyFlags() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setCookieSecureFlag(true).setCookieHttpOnlyFlag(true)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("; Secure")); assertTrue(setCookie.contains("; HTTPOnly")); }, 200, "OK", null); }
@Test public void testSessionCookieSecureFlag() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setCookieSecureFlag(true)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("; Secure")); }, 200, "OK", null); }
@Test public void testSessionCookieHttpOnlyFlag() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setCookieHttpOnlyFlag(true)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("; HTTPOnly")); }, 200, "OK", null); }
@Test public void testSessionCookiePath() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setSessionCookiePath("/path")); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("Path=/path")); }, 200, "OK", null); }
@Test public void testSessionCookieName() throws Exception { router.route().handler(CookieHandler.create()); String sessionCookieName = "acme.sillycookie"; router.route().handler(SessionHandler.create(store).setSessionCookieName(sessionCookieName)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.startsWith(sessionCookieName + "=")); }, 200, "OK", null); }
router.route().handler(CookieHandler.create()); long timeout = 1000; router.route().handler(SessionHandler.create(store).setSessionTimeout(timeout)); AtomicReference<String> rid = new AtomicReference<>(); AtomicInteger requestCount = new AtomicInteger();
/** * Sets whether the 'secure' flag should be set for the session cookie. When set * this flag instructs browsers to only send the cookie over HTTPS. Note that * this will probably stop your sessions working if used without HTTPS (e.g. in * development). * @param secure true to set the secure flag on the cookie * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setCookieSecureFlag(boolean secure) { delegate.setCookieSecureFlag(secure); return this; }
/** * Sets whether the 'HttpOnly' flag should be set for the session cookie. When * set this flag instructs browsers to prevent Javascript access to the the * cookie. Used as a line of defence against the most common XSS attacks. * @param httpOnly true to set the HttpOnly flag on the cookie * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setCookieHttpOnlyFlag(boolean httpOnly) { delegate.setCookieHttpOnlyFlag(httpOnly); return this; }
/** * Set the session cookie name * @param sessionCookieName the session cookie name * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setSessionCookieName(String sessionCookieName) { delegate.setSessionCookieName(sessionCookieName); return this; }
/** * Set the session cookie path * @param sessionCookiePath the session cookie path * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setSessionCookiePath(String sessionCookiePath) { delegate.setSessionCookiePath(sessionCookiePath); return this; }
/** * Set the session timeout * @param timeout the timeout, in ms. * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setSessionTimeout(long timeout) { delegate.setSessionTimeout(timeout); return this; }
@Test public void testSessionCookieSecureFlag() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setCookieSecureFlag(true)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("; Secure")); }, 200, "OK", null); }
@Test public void testSessionCookieHttpOnlyFlag() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setCookieHttpOnlyFlag(true)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("; HTTPOnly")); }, 200, "OK", null); }
@Test public void testSessionCookiePath() throws Exception { router.route().handler(CookieHandler.create()); router.route().handler(SessionHandler.create(store).setSessionCookiePath("/path")); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.contains("Path=/path")); }, 200, "OK", null); }
@Test public void testSessionCookieName() throws Exception { router.route().handler(CookieHandler.create()); String sessionCookieName = "acme.sillycookie"; router.route().handler(SessionHandler.create(store).setSessionCookieName(sessionCookieName)); router.route().handler(rc -> rc.response().end()); testRequest(HttpMethod.GET, "/", null, resp -> { String setCookie = resp.headers().get("set-cookie"); assertTrue(setCookie.startsWith(sessionCookieName + "=")); }, 200, "OK", null); }
router.route().handler(CookieHandler.create()); long timeout = 1000; router.route().handler(SessionHandler.create(store).setSessionTimeout(timeout)); AtomicReference<String> rid = new AtomicReference<>(); AtomicInteger requestCount = new AtomicInteger();
/** * Sets whether the 'secure' flag should be set for the session cookie. When set * this flag instructs browsers to only send the cookie over HTTPS. Note that * this will probably stop your sessions working if used without HTTPS (e.g. in * development). * @param secure true to set the secure flag on the cookie * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setCookieSecureFlag(boolean secure) { delegate.setCookieSecureFlag(secure); return this; }
/** * Sets whether the 'HttpOnly' flag should be set for the session cookie. When * set this flag instructs browsers to prevent Javascript access to the the * cookie. Used as a line of defence against the most common XSS attacks. * @param httpOnly true to set the HttpOnly flag on the cookie * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setCookieHttpOnlyFlag(boolean httpOnly) { delegate.setCookieHttpOnlyFlag(httpOnly); return this; }
/** * Set the session cookie name * @param sessionCookieName the session cookie name * @return a reference to this, so the API can be used fluently */ public io.vertx.rxjava.ext.web.handler.SessionHandler setSessionCookieName(String sessionCookieName) { delegate.setSessionCookieName(sessionCookieName); return this; }