Class ClientSideSessionConfig


  • public class ClientSideSessionConfig
    extends Object
    Client side session configuration.
    • Constructor Detail

      • ClientSideSessionConfig

        public ClientSideSessionConfig()
    • Method Detail

      • getSessionCookieName

        public String getSessionCookieName()
        The name of the cookie used to store serialized and encrypted session data.

        If the length of the serialized session is greater than getMaxSessionCookieSize(), it is partitioned into multiple cookies. Every session cookie has a postfix _index, where index is the partition number.

        Defaults to: ratpack_session

        Returns:
        the name of the cookie used to store session data.
      • setSessionCookieName

        public void setSessionCookieName(String sessionCookieName)
        Set the cookie name used to store session data.
        Parameters:
        sessionCookieName - a cookie name used to store session data
      • getLastAccessTimeCookieName

        public String getLastAccessTimeCookieName()
        The name of the cookie used to store session's last access time.

        Last access time is updated on every session load or store.

        Prior to 1.9, this value was hardcoded to "ratpack_lat". Since 1.9, this value defaults to getSessionCookieName() + "_lat". An arbitrary value can be set by setLastAccessTimeCookieName(String).

        Returns:
        the name of the cookie with session's last access time
      • setLastAccessTimeCookieName

        public void setLastAccessTimeCookieName(@Nullable
                                                String lastAccessTimeCookieName)
        Sets the name of the cookie used to store session's last access time.

        Setting this value to null has the effect of the default value being used. See getLastAccessTimeCookieName().

        Since:
        1.9
      • getSecretToken

        public String getSecretToken()
        The token used to sign the serialized session to prevent tampering.

        If not set, this is set to a random value.

        Important: when working with clustered sessions, where a session is not tied to any single Ratpack app instance, secretToken has to be the same in every Ratpack instance configuration.

        Returns:
        the token used to sign the serialized and encrypted session.
      • setSecretToken

        public void setSecretToken(String secretToken)
        Set the secretToken used to sign the serialized and encrypted session data.
        Parameters:
        secretToken - a token used to sign the serialized and encrypted session data.
      • getMacAlgorithm

        public String getMacAlgorithm()
        The Mac algorithm used to sign the serialized session with the secretToken.
        Returns:
        the mac algorithm used to sign serialized and encrypted session data.
      • setMacAlgorithm

        public void setMacAlgorithm(String macAlgorithm)
        Set mac algorithm used to sign the serialized and encrypted session data.
        Parameters:
        macAlgorithm - the name of mac algorithm
      • getSecretKey

        @Nullable
        public String getSecretKey()
        The secret key used in the symmetric-key encryption/decryption of the serialized session.
        Returns:
        the secret key used in encryption/decryption of the serialized session data.
      • setSecretKey

        public void setSecretKey(@Nullable
                                 String secretKey)
        Set the secret key used in the symmetric-key encryption/decryption of the serialized session data.

        Defaults to a randomly generated 16 byte value.

        Can be set to null only if the cipher algorithm (see setCipherAlgorithm(String)) is also null.

        Parameters:
        secretKey - a secret key
      • getCipherAlgorithm

        @Nullable
        public String getCipherAlgorithm()
        The cipher algorithm used to encrypt/decrypt the serialized session.

        For example, AES/CBC/PKCS5Padding, which is also the default value.

        Returns:
        the algorithm used to encrypt/decrypt the serialized session.
      • setCipherAlgorithm

        public void setCipherAlgorithm(@Nullable
                                       String cipherAlgorithm)
        Set the cipher algorithm used to encrypt/decrypt the serialized session data.

        Defaults to "AES/CBC/PKCS5Padding".

        Parameters:
        cipherAlgorithm - a cipher algorithm
      • getMaxSessionCookieSize

        public int getMaxSessionCookieSize()
        Maximum size of the session cookie. If the encrypted cookie exceeds it, it will be partitioned.

        According to RFC 2109, at least 4096 bytes per cookie and at least 20 cookies per domain should be supported.

        Defaults to: 1932.

        Returns:
        the maximum size of the cookie session.
      • setMaxSessionCookieSize

        public void setMaxSessionCookieSize(int maxSessionCookieSize)
        Set the maximum size of the session cookie. If the encrypted session cookie exceeds it, it will be partitioned.

        If it is less than 1024 or greater than 4096, the default value will be used.

        Parameters:
        maxSessionCookieSize - a maximum size of one session cookie.
      • getMaxInactivityInterval

        public Duration getMaxInactivityInterval()
        Maximum inactivity time (in units defined by TimeUnit) after which session will be invalidated.

        Defaults to: 24 hours. If the time between the last access and the current time is less than or equal to the maximum inactivity time, the session is considered valid.

        Returns:
        the maximum session inactivity time
      • setMaxInactivityInterval

        public void setMaxInactivityInterval(Duration maxInactivityInterval)
        Set maximum inactivity time (in seconds) of the cookie session.
        Parameters:
        maxInactivityInterval - a maximum inactivity time of the cookie session
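
The clustering note on getSecretToken() in practice, as an added example that is not Ratpack code and does not reproduce Ratpack's cookie format: a MAC tag produced with one instance's randomly defaulted token fails verification under another instance's token, while a shared token verifies and still rejects a modified payload. The class name, HmacSHA256 as the MAC algorithm, the token length and the sample payload are assumptions made for the illustration.

```java
import javax.crypto.Mac;
import javax.crypto.spec.SecretKeySpec;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.security.SecureRandom;
import java.util.Base64;

// Added illustration using only the JDK; not Ratpack's implementation.
public class SharedSecretTokenDemo {
    // Assumption: stands in for whatever getMacAlgorithm() returns.
    static final String MAC_ALGORITHM = "HmacSHA256";

    // Mimics the documented default: "If not set, this is set to a random value."
    static String randomToken() {
        byte[] raw = new byte[32];
        new SecureRandom().nextBytes(raw);
        return Base64.getUrlEncoder().withoutPadding().encodeToString(raw);
    }

    // Computes the MAC tag over the serialized session with the given token.
    static byte[] sign(String secretToken, byte[] payload) throws Exception {
        Mac mac = Mac.getInstance(MAC_ALGORITHM);
        mac.init(new SecretKeySpec(secretToken.getBytes(StandardCharsets.UTF_8), MAC_ALGORITHM));
        return mac.doFinal(payload);
    }

    // Recomputes the tag and compares it with the received one in constant time.
    static boolean verify(String secretToken, byte[] payload, byte[] tag) throws Exception {
        return MessageDigest.isEqual(sign(secretToken, payload), tag);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample session payload.
        byte[] session = "user=alice;role=user".getBytes(StandardCharsets.UTF_8);

        // Two instances that each fell back to their own random token.
        String instanceA = randomToken();
        String instanceB = randomToken();
        byte[] tag = sign(instanceA, session);
        System.out.println("same instance:             " + verify(instanceA, session, tag));
        System.out.println("other instance, defaults:  " + verify(instanceB, session, tag));

        // One token generated once and configured on every instance.
        String shared = randomToken();
        byte[] sharedTag = sign(shared, session);
        System.out.println("other instance, shared:    " + verify(shared, session, sharedTag));

        // A client that edits the payload cannot produce a matching tag.
        byte[] tampered = "user=alice;role=admin".getBytes(StandardCharsets.UTF_8);
        System.out.println("tampered payload, shared:  " + verify(shared, tampered, sharedTag));
    }
}
```

The same reasoning applies to the secretKey used for encryption: it also defaults to a random value, so a cookie encrypted by one instance cannot be decrypted by another unless the key is shared.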