Class DefaultCookieSerializer
- All Implemented Interfaces:
CookieSerializer
CookieSerializer
.- Since:
- 1.1
-
Nested Class Summary
Nested classes/interfaces inherited from interface org.springframework.session.web.http.CookieSerializer
CookieSerializer.CookieValue
-
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionreadCookieValues
(jakarta.servlet.http.HttpServletRequest request) Reads all the matching cookies from theHttpServletRequest
.void
setCookieMaxAge
(int cookieMaxAge) Sets the maxAge property of the Cookie.void
setCookieName
(String cookieName) void
setCookiePath
(String cookiePath) Sets the path of the Cookie.void
setDomainName
(String domainName) Sets an explicit Domain Name.void
setDomainNamePattern
(String domainNamePattern) Sets a case insensitive pattern used to extract the domain name from theServletRequest.getServerName()
.void
setJvmRoute
(String jvmRoute) Used to identify which JVM to route to for session affinity.void
setRememberMeRequestAttribute
(String rememberMeRequestAttribute) Set the request attribute name that indicates remember-me login.void
setSameSite
(String sameSite) Set the value for theSameSite
cookie directive.void
setUseBase64Encoding
(boolean useBase64Encoding) Set if the Base64 encoding of cookie value should be used.void
setUseHttpOnlyCookie
(boolean useHttpOnlyCookie) Sets if a Cookie marked as HTTP Only should be used.void
setUseSecureCookie
(boolean useSecureCookie) Sets if a Cookie marked as secure should be used.void
writeCookieValue
(CookieSerializer.CookieValue cookieValue) Writes a givenCookieSerializer.CookieValue
to the providedHttpServletResponse
.
-
Constructor Details
-
DefaultCookieSerializer
public DefaultCookieSerializer()
-
-
Method Details
-
readCookieValues
Description copied from interface:CookieSerializer
Reads all the matching cookies from theHttpServletRequest
. The result is a List since there can be multipleCookie
in a single request with a matching name. For example, one Cookie may have a path of / and another of /context, but the path is not transmitted in the request.- Specified by:
readCookieValues
in interfaceCookieSerializer
- Parameters:
request
- theHttpServletRequest
to read the cookie from. Cannot be null.- Returns:
- the values of all the matching cookies
-
writeCookieValue
Description copied from interface:CookieSerializer
Writes a givenCookieSerializer.CookieValue
to the providedHttpServletResponse
.- Specified by:
writeCookieValue
in interfaceCookieSerializer
- Parameters:
cookieValue
- theCookieSerializer.CookieValue
to write toCookieSerializer.CookieValue.getResponse()
. Cannot be null.
-
setUseSecureCookie
public void setUseSecureCookie(boolean useSecureCookie) Sets if a Cookie marked as secure should be used. The default is to use the value ofServletRequest.isSecure()
.- Parameters:
useSecureCookie
- determines if the cookie should be marked as secure.
-
setUseHttpOnlyCookie
public void setUseHttpOnlyCookie(boolean useHttpOnlyCookie) Sets if a Cookie marked as HTTP Only should be used. The default is true.- Parameters:
useHttpOnlyCookie
- determines if the cookie should be marked as HTTP Only.
-
setCookiePath
Sets the path of the Cookie. The default is to use the context path from theHttpServletRequest
.- Parameters:
cookiePath
- the path of the Cookie. If null, the default of the context path will be used.
-
setCookieName
-
setCookieMaxAge
public void setCookieMaxAge(int cookieMaxAge) Sets the maxAge property of the Cookie. The default is to delete the cookie when the browser is closed.- Parameters:
cookieMaxAge
- the maxAge property of the Cookie (defined in seconds)
-
setDomainName
Sets an explicit Domain Name. This allow the domain of "example.com" to be used when the request comes from www.example.com. This allows for sharing the cookie across subdomains. The default is to use the current domain.- Parameters:
domainName
- the name of the domain to use. (i.e. "example.com")- Throws:
IllegalStateException
- if the domainNamePattern is also set
-
setDomainNamePattern
Sets a case insensitive pattern used to extract the domain name from the
ServletRequest.getServerName()
. The pattern should provide a single grouping that defines what the value is that should be matched. User's should be careful not to output malicious characters like new lines to prevent from things like HTTP Response Splitting.If the pattern does not match, then no domain will be set. This is useful to ensure the domain is not set during development when localhost might be used.
An example value might be "^.+?\\.(\\w+\\.[a-z]+)$". For the given input, it would provide the following explicit domain (null means no domain name is set):
- example.com - null
- child.sub.example.com - example.com
- localhost - null
- 127.0.1.1 - null
- Parameters:
domainNamePattern
- the case insensitive pattern to extract the domain name with- Throws:
IllegalStateException
- if the domainName is also set
-
setJvmRoute
Used to identify which JVM to route to for session affinity. With some implementations (i.e. Redis) this provides no performance benefit. However, this can help with tracing logs of a particular user. This will ensure that the value of the cookie is formatted as
sessionId + "." jvmRoute
To use set a custom route on each JVM instance and setup a frontend proxy to forward all requests to the JVM based on the route.
- Parameters:
jvmRoute
- the JVM Route to use (i.e. "node01jvmA", "n01ja", etc)
-
setUseBase64Encoding
public void setUseBase64Encoding(boolean useBase64Encoding) Set if the Base64 encoding of cookie value should be used. This is valuable in order to support RFC 6265 which recommends using Base 64 encoding to the cookie value.- Parameters:
useBase64Encoding
- the flag to indicate whether to use Base64 encoding
-
setRememberMeRequestAttribute
Set the request attribute name that indicates remember-me login. If specified, the cookie will be written as Integer.MAX_VALUE.- Parameters:
rememberMeRequestAttribute
- the remember-me request attribute name- Since:
- 1.3.0
-
setSameSite
Set the value for theSameSite
cookie directive. The default value isLax
.- Parameters:
sameSite
- the SameSite directive value- Since:
- 2.1.0
-