Module io.jooby
Package io.jooby

Interface SessionToken

All Known Implementing Classes:
SessionToken.CookieID, SessionToken.HeaderID, SessionToken.SignedCookie

public interface SessionToken
Find, save and delete a session token (cookie, header, parameter, etc) into/from the web Context.
Author:
edgar
  • Field Details

    • SID

      static final Cookie SID
      Default cookie for cookie based session stores. Uses jooby.sid as name. It never expires, use the root, only for HTTP.
    • RND

      static final SecureRandom RND
      Secure random for default session token generator.
    • ID_SIZE

      static final int ID_SIZE
      Size of default token generator.
      See Also:
  • Method Details

    • newToken

      @NonNull default String newToken()
      Generate a new token. This implementation produces an url encoder ID using a secure random of ID_SIZE.
      Returns:
      A new token.
    • findToken

      @Nullable String findToken(@NonNull Context ctx)
      Find session ID.
      Parameters:
      ctx - Web context.
      Returns:
      Session ID or null.
    • saveToken

      void saveToken(@NonNull Context ctx, @NonNull String token)
      Save session ID in the web context.
      Parameters:
      ctx - Web context.
      token - Token/data to save.
    • deleteToken

      void deleteToken(@NonNull Context ctx, @NonNull String token)
      Delete session ID in the web context.
      Parameters:
      ctx - Web context.
      token - Token/data to delete.
    • cookieId

      @NonNull static SessionToken cookieId(@NonNull Cookie cookie)
      Create a cookie-based Session ID. This strategy:

      - find a token from a request cookie. - on save, set a response cookie on new sessions or when cookie has a max-age value. - on destroy, expire the cookie.

      Parameters:
      cookie - Cookie to use.
      Returns:
      Session Token.
    • signedCookie

      @NonNull static SessionToken signedCookie(@NonNull Cookie cookie)
      Create a signed-cookie-based Session token. This strategy:

      - find a token from a request cookie. - on save, set a response cookie. - on destroy, expire the cookie.

      Parameters:
      cookie - Cookie to use.
      Returns:
      Session Token.
    • header

      @NonNull static SessionToken header(@NonNull String name)
      Create a header-based Session Token. This strategy:

      - find a token from a request header. - on save, send the header back as response header. - on session destroy. don't send response header back.

      Parameters:
      name - Header name.
      Returns:
      Session Token.
    • combine

      @NonNull static SessionToken combine(@NonNull SessionToken... tokens)
      Combine/compose two or more session tokens. Example:
      
       SessionToken token = SessionToken.combine(
           SessionToken.header("TOKEN"),
           SessionToken.cookie(SID)
       );
       
      On new session, creates a response header and cookie. On save token, generates a response header or cookie based on best matches. On delete token, generates a response header or cookie based on best matches.
      Parameters:
      tokens - Tokens to use.
      Returns:
      A composed session token.