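The DefaultWebSessionManager class mainly defines how a session is created, started and stopped, and how it is associated with a cookie. It extends the DefaultSessionManager class and implements the WebSessionManager interface. It is analyzed below:
1. WebSessionManager interface
See the WebSessionManager interface source analysis. The interface has only one method, which defines whether sessions are managed by the servlet container or by Shiro: it returns true if the servlet container manages them and false if Shiro manages them.
2. DefaultSessionManager class
See the DefaultSessionManager class source analysis. It mainly defines operations such as session creation and update.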
3. DefaultWebSessionManager class
3.1. Data fields
    private Cookie sessionIdCookie; // the session ID cookie (used as a template)
    private boolean sessionIdCookieEnabled; // whether the session ID may be stored in a cookie
3.2. Constructor
    public DefaultWebSessionManager() {
        Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        cookie.setHttpOnly(true); //more secure, protects against XSS attacks
        this.sessionIdCookie = cookie;
        this.sessionIdCookieEnabled = true;
    }
3.3. Get sessionIdCookie
    public Cookie getSessionIdCookie() {
        return sessionIdCookie;
    }
3.4. Set sessionIdCookie
    public void setSessionIdCookie(Cookie sessionIdCookie) {
        this.sessionIdCookie = sessionIdCookie;
    }
3.5. Whether the sessionId is stored in a cookie
    public boolean isSessionIdCookieEnabled() {
        return sessionIdCookieEnabled;
    }
3.6. Set whether the sessionId is stored in a cookie
    public void setSessionIdCookieEnabled(boolean sessionIdCookieEnabled) {
        this.sessionIdCookieEnabled = sessionIdCookieEnabled;
    }
3.7. Store the sessionId in a cookie
    private void storeSessionId(Serializable currentId, HttpServletRequest request, HttpServletResponse response) {
        if (currentId == null) {
            String msg = "sessionId cannot be null when persisting for subsequent requests.";
            throw new IllegalArgumentException(msg);
        }
        // Copy the configured template so its attributes (name, HttpOnly, ...) carry over
        Cookie template = getSessionIdCookie();
        Cookie cookie = new SimpleCookie(template);
        String idString = currentId.toString();
        cookie.setValue(idString);
        // Write the cookie to the HTTP response
        cookie.saveTo(request, response);
        log.trace("Set session ID cookie for session with id {}", idString);
    }
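Because storeSessionId() copies the template returned by getSessionIdCookie(), the template's attributes end up on every session cookie that is issued. The following is an added example, not part of the Shiro source or of the original article: it audits a manager's template and builds a hardened one. The class SessionCookieAudit and its methods audit and hardened are hypothetical names; it assumes shiro-web and its dependencies are on the classpath and that the application is served over HTTPS, which is why Secure is required.

```java
import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.web.servlet.Cookie;
import org.apache.shiro.web.servlet.ShiroHttpSession;
import org.apache.shiro.web.servlet.SimpleCookie;
import org.apache.shiro.web.session.mgt.DefaultWebSessionManager;

// Added example (hypothetical class, not Shiro code): audit and harden the session ID cookie template.
public class SessionCookieAudit {

    // Reports weaknesses in the template that storeSessionId() copies onto each session cookie.
    static List<String> audit(DefaultWebSessionManager manager) {
        List<String> findings = new ArrayList<>();
        if (!manager.isSessionIdCookieEnabled()) {
            findings.add("session ID cookie is disabled");
            return findings;
        }
        Cookie template = manager.getSessionIdCookie();
        if (template == null) {
            findings.add("no session ID cookie template is set");
            return findings;
        }
        if (!template.isHttpOnly()) {
            findings.add("HttpOnly not set: page scripts can read the session ID");
        }
        if (!template.isSecure()) {
            findings.add("Secure not set: the session ID may be sent over plain HTTP");
        }
        return findings;
    }

    // Builds a manager whose template carries both HttpOnly and Secure (assumes HTTPS-only deployment).
    static DefaultWebSessionManager hardened() {
        Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
        cookie.setHttpOnly(true);
        cookie.setSecure(true);
        DefaultWebSessionManager manager = new DefaultWebSessionManager();
        manager.setSessionIdCookie(cookie);
        manager.setSessionIdCookieEnabled(true);
        return manager;
    }

    public static void main(String[] args) {
        // The no-argument constructor shown in 3.2 sets HttpOnly only.
        System.out.println("default:  " + audit(new DefaultWebSessionManager()));
        System.out.println("hardened: " + audit(hardened()));
    }
}
```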
3.8. Remove the session information from the cookie
    private void removeSessionIdCookie(HttpServletRequest request, HttpServletResponse response) {
        getSessionIdCookie().removeFrom(request, response);
    }