Package org.owasp.csrfguard.session

Interface LogicalSession

  • public interface LogicalSession
    Represents a logical session that enables decoupling from the container's session implementation in case the client application uses a stateless approach (e.g. token based authentication)

    • Method Detail

      • getKey

        String getKey()
        Returns the logical session key
        Returns:
        identifier that uniquely identifies the current actor

      • isNew

        boolean isNew()
        Returns true if the client does not yet know about the session or if the client chooses not to join the session.
        Returns:
        true if the server has created a session, but the client has not yet joined
        See Also:
        HttpSession.isNew()

      • invalidate

        void invalidate()
        Invalidates this session then unbinds any objects bound to it.

      • areTokensGenerated

        boolean areTokensGenerated()
        Returns:
        whether the objects were generated or not.

      • setTokensGenerated

        void setTokensGenerated​(boolean areTokensGenerated)
        Set whether the objects were generated or not.
        Parameters:
        areTokensGenerated - set true if the tokens were generated, false otherwise

      • setAttribute

        void setAttribute​(String attribute,
                  Object value)
        Saves an object to the current session
        Parameters:
        attribute - the name to which the object is bound; cannot be null
        value - the object to be bound
        See Also:
        HttpSession.setAttribute(java.lang.String, java.lang.Object)

      • getAttribute

        Object getAttribute​(String attributeName)
        Retrieves an object from the session using its name
        Parameters:
        attributeName - - identifies a certain object on the session
        Returns:
        the object associated to the attribute name
        See Also:
        HttpSession.getAttribute(String)