forked from ringo/stick
-
Notifications
You must be signed in to change notification settings - Fork 1
/
session.js
168 lines (149 loc) · 4.89 KB
/
session.js
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
/**
* @fileoverview This module provides middleware for HTTP sessions.
*
* It adds a `session` property to the request object that allows to store
* arbitrary data on on a per-visitor basis.
*
* The default session implementation is based on Java Servlet sessions.
* This can be overridden by setting the `app.session.impl` property to an
* alternative session constructor.
*
* app.session.impl = MySession;
*
* The session constructor will be called
* with the request object as only argument when the session is first accessed.
*/
/**
* This middleware provides support for anonymous user sessions.
*
* @param {Function} next the wrapped middleware chain
* @param {Object} app the Stick Application object
* @returns {Function} a JSGI middleware function
*/
exports.middleware = function session(next, app) {
// make session implementation configurable
app.session = {
impl: ServletSession
};
return function session(req) {
var _session;
/**
* A session object for the current request. If no session exists
* a new one will be created.
* @see ServletSession
* @name request.session
*/
Object.defineProperty(req, "session", {
get: function() {
if (!_session)
_session = new app.session.impl(req);
return _session;
}
});
return next(req);
};
};
/**
* An HTTP session object based on top of servlet sessions.
* Properties of the session's data object are persisted
* between requests of the same client.
* @param request a JSGI or servlet request object
*/
var ServletSession = exports.ServletSession = function(request) {
var data;
var volatileData;
var servletRequest = request instanceof javax.servlet.ServletRequest ?
request : request.env.servletRequest;
function getSession() {
return servletRequest.getSession();
}
/**
* A container for things to store in this session between requests.
*/
Object.defineProperty(this, "data", {
get: function() {
if (!data) {
// session.data is a JavaAdapter that directly proxies property access
// to the attributes in the servlet session object.
data = new JavaAdapter(org.mozilla.javascript.NativeObject, {
put: function(name, start, value) {
getSession().setAttribute(name, value);
},
get: function(name, start) {
if (Object.prototype[name]) {
return Object.prototype[name];
}
return getSession().getAttribute(name);
}
});
}
return data;
},
enumerable: true
});
/**
* True if this session was created in the current request.
* This can be useful to find out if the client has cookies disabled
* for cookie-based sessions.
*/
Object.defineProperty(this, "isNew", {
get: function() {
return getSession().isNew();
},
enumerable: true
});
/**
* Createtime of the current session.
*/
Object.defineProperty(this, "creationTime", {
get: function() {
return getSession().getCreationTime();
},
enumerable: true
});
/**
* A time interval in seconds, which the session will be open.
* If the interval is exceeded, the session gets invalidated.
*/
Object.defineProperty(this, "maxInactiveInterval", {
get: function() {
return getSession().getMaxInactiveInterval();
},
set: function(interval) {
return getSession().setMaxInactiveInterval(interval);
},
enumerable: true
});
/**
* Time in Unix epoch milliseconds since the last client access.
*/
Object.defineProperty(this, "lastAccessedTime", {
get: function() {
return getSession().getLastAccessedTime();
},
enumerable: true
});
/**
* Destroys the current session and any data bound to it.
*/
this.invalidate = function() {
getSession().invalidate();
};
// save and reset the volatile session object
volatileData = getSession().getAttribute("__volatileData__");
getSession().setAttribute("__volatileData__", null);
/**
* A volatile property which survives a HTTP redirect and can be used
* for warnings or error messages in forms. After a requests was handled,
* the property is reset to null.
*/
Object.defineProperty(this, "volatile", {
get: function() {
return volatileData;
},
set: function(value) {
getSession().setAttribute("__volatileData__", value);
},
enumerable: true
});
};