CookieHttpSessionIdResolver (spring-session-docs 2.4.6 API)

java.lang.Object
- org.springframework.session.web.http.CookieHttpSessionIdResolver

All Implemented Interfaces:

HttpSessionIdResolver
```
public final class CookieHttpSessionIdResolver
extends java.lang.Object
implements HttpSessionIdResolver
```
A HttpSessionIdResolver that uses a cookie to obtain the session from. Specifically, this implementation will allow specifying a cookie serialization strategy using setCookieSerializer(CookieSerializer). The default is cookie name is "SESSION". When a session is created, the HTTP response will have a cookie with the specified cookie name and the value of the session id. The cookie will be marked as a session cookie, use the context path for the path of the cookie, marked as HTTPOnly, and if ServletRequest.isSecure() returns true, the cookie will be marked as secure. For example:
```
 HTTP/1.1 200 OK
 Set-Cookie: SESSION=f81d4fae-7dec-11d0-a765-00a0c91e6bf6; Path=/context-root; Secure; HttpOnly
 
```
The client should now include the session in each request by specifying the same cookie in their request. For example:
```
 GET /messages/ HTTP/1.1
 Host: example.com
 Cookie: SESSION=f81d4fae-7dec-11d0-a765-00a0c91e6bf6
 
```
When the session is invalidated, the server will send an HTTP response that expires the cookie. For example:
```
 HTTP/1.1 200 OK
 Set-Cookie: SESSION=f81d4fae-7dec-11d0-a765-00a0c91e6bf6; Expires=Thur, 1 Jan 1970 00:00:00 GMT; Secure; HttpOnly
 
```
Since:

1.0

Constructor Summary

Constructors
Constructor and Description

CookieHttpSessionIdResolver()

Constructors
Constructor and Description
`CookieHttpSessionIdResolver()`

Method Summary

All Methods Instance Methods Concrete Methods
Modifier and Type	Method and Description
`void`	`expireSession(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response)` Instruct the client to end the current session.
`java.util.List<java.lang.String>`	`resolveSessionIds(javax.servlet.http.HttpServletRequest request)` Resolve the session ids associated with the provided `HttpServletRequest`.
`void`	`setCookieSerializer(CookieSerializer cookieSerializer)` Sets the `CookieSerializer` to be used.
`void`	`setSessionId(javax.servlet.http.HttpServletRequest request, javax.servlet.http.HttpServletResponse response, java.lang.String sessionId)` Send the given session id to the client.

Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

- Constructor Detail
  - CookieHttpSessionIdResolver
```
public CookieHttpSessionIdResolver()
```
- Method Detail
  - resolveSessionIds
```
public java.util.List<java.lang.String> resolveSessionIds(javax.servlet.http.HttpServletRequest request)
```
    Description copied from interface: HttpSessionIdResolver
    
    Resolve the session ids associated with the provided HttpServletRequest. For example, the session id might come from a cookie or a request header.
    
    Specified by:
    
    resolveSessionIds in interface HttpSessionIdResolver
    
    Parameters:
    
    request - the current request
    
    Returns:
    
    the session ids
  - setSessionId
```
public void setSessionId(javax.servlet.http.HttpServletRequest request,
                         javax.servlet.http.HttpServletResponse response,
                         java.lang.String sessionId)
```
    Description copied from interface: HttpSessionIdResolver
    
    Send the given session id to the client. This method is invoked when a new session is created and should inform a client what the new session id is. For example, it might create a new cookie with the session id in it or set an HTTP response header with the value of the new session id.
    
    Specified by:
    
    setSessionId in interface HttpSessionIdResolver
    
    Parameters:
    
    request - the current request
    
    response - the current response
    
    sessionId - the session id
  - expireSession
```
public void expireSession(javax.servlet.http.HttpServletRequest request,
                          javax.servlet.http.HttpServletResponse response)
```
    Description copied from interface: HttpSessionIdResolver
    
    Instruct the client to end the current session. This method is invoked when a session is invalidated and should inform a client that the session id is no longer valid. For example, it might remove a cookie with the session id in it or set an HTTP response header with an empty value indicating to the client to no longer submit that session id.
    
    Specified by:
    
    expireSession in interface HttpSessionIdResolver
    
    Parameters:
    
    request - the current request
    
    response - the current response
  - setCookieSerializer
```
public void setCookieSerializer(CookieSerializer cookieSerializer)
```
    Sets the CookieSerializer to be used.
    
    Parameters:
    
    cookieSerializer - the cookieSerializer to set. Cannot be null.

Class CookieHttpSessionIdResolver

Constructor Summary

Method Summary

Methods inherited from class java.lang.Object

Constructor Detail

CookieHttpSessionIdResolver

Method Detail

resolveSessionIds

setSessionId

expireSession

setCookieSerializer