diff --git a/modules/ringo/httpserver.js b/modules/ringo/httpserver.js
index c94ad4626..a9f5fc60e 100644
--- a/modules/ringo/httpserver.js
+++ b/modules/ringo/httpserver.js
@@ -24,6 +24,11 @@ var options,
*
jettyConfig ('config/jetty.xml')
* port (8080)
* host (undefined)
+ * sessions (true)
+ * security (true)
+ * cookieName (null)
+ * httpOnlyCookies (false)
+ * secureCookies (false)
*
*
* For convenience, the constructor supports the definition of a JSGI application
@@ -69,6 +74,9 @@ function Server(options) {
* @param {Object} options may have the following properties:
* sessions: true to enable sessions for this context, false otherwise
* security: true to enable security for this context, false otherwise
+ * cookieName: optional cookie name
+ * httpOnlyCookies: true to enable http-only session cookies
+ * secureCookies: true to enable secure session cookies
* @see #Context
* @since: 0.6
* @returns a Context object
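Review bot: The three new option lines do not say what happens when `sessions` is false or what the default cookie name is. The code added later in this commit only applies them when `cx.getSessionHandler()` is non-null, so with sessions disabled they are silently ignored; that is worth stating here. Suggested wording: `cookieName: optional session cookie name (defaults to the servlet container's name, "JSESSIONID"); ignored unless sessions is true`, with the same "ignored unless sessions is true" remark on `httpOnlyCookies` and `secureCookies`. The constructor option list in the first hunk could carry the same remark.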
@@ -86,6 +94,15 @@ function Server(options) {
if (virtualHosts) {
cx.setVirtualHosts(Array.isArray(virtualHosts) ? virtualHosts : [String(virtualHosts)]);
}
+ var sessionHandler = cx.getSessionHandler();
+ if (sessionHandler != null) {
+ var sessionManager = sessionHandler.getSessionManager();
+ sessionManager.setHttpOnly(options.httpOnlyCookies);
+ sessionManager.setSecureCookies(options.secureCookies);
+ if (typeof(options.cookieName) === "string") {
+ sessionManager.setSessionCookie(options.cookieName);
+ }
+ }
contextMap[contextKey] = cx;
if (jetty.isRunning()) {
cx.start();
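Review bot: `sessionManager.setHttpOnly(options.httpOnlyCookies)` and `sessionManager.setSecureCookies(options.secureCookies)` pass the raw option values straight to the Java setters. Only the constructor path normalises them to booleans; a caller that invokes `getContext` directly and omits these keys hands over `undefined`, and a truthy non-boolean such as the string "false" would presumably be coerced to true. Coerce at the call site so both entry points behave the same, e.g. `sessionManager.setHttpOnly(options.httpOnlyCookies === true);` and `sessionManager.setSecureCookies(options.secureCookies === true);`. The `typeof(options.cookieName) === "string"` check also lets an empty string through as the cookie name, so consider requiring a non-empty value. The enclosing function starts and ends outside this hunk.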
@@ -100,6 +117,12 @@ function Server(options) {
* @name Context
*/
return {
+ /**
+ * Returns the wrapped servlet context handler
+ */
+ getHandler: function() {
+ return cx;
+ },
/**
* Map this context to a JSGI application.
* @param {function|object} app a JSGI application, either as a function
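Review bot: The doc comment on `getHandler` has no `@returns` tag and does not say that the returned `cx` is the live handler rather than a copy. Callers who hold it can reconfigure or stop the context behind the wrapper, including the session and security handlers the options just set up. The commit's test is the only visible consumer, so if this accessor is meant for inspection only, the comment should say so. Suggested text: `@returns the servlet context handler backing this context (live object; changes affect the running context)`.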
@@ -319,8 +342,11 @@ function Server(options) {
// create default context
defaultContext = this.getContext(options.mountpoint || "/", options.virtualHost, {
- security: true,
- sessions: true
+ security: options.security !== false,
+ sessions: options.sessions !== false,
+ cookieName: options.cookieName || null,
+ httpOnlyCookies: options.httpOnlyCookies === true,
+ secureCookies: options.secureCookies === true
});
// If options defines an application mount it
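Review bot: `httpOnlyCookies: options.httpOnlyCookies === true` and `secureCookies: options.secureCookies === true` make both cookie protections opt-in. A default server therefore issues a session cookie that page script can read and that is also sent over plain HTTP. `secureCookies` has to stay off by default for servers without TLS, but HttpOnly has no such constraint, so consider `httpOnlyCookies: options.httpOnlyCookies !== false,` with the documented default and the test's `assert.isFalse(sessionManager.getHttpOnly())` updated to match. The strict `=== true` comparison also means a value such as the string "true" from a config file or command line is silently treated as off, which deserves a line in the option docs. The enclosing constructor starts and ends outside this hunk.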
diff --git a/test/ringo/httpserver_test.js b/test/ringo/httpserver_test.js
index ba241e825..ba30b45cb 100644
--- a/test/ringo/httpserver_test.js
+++ b/test/ringo/httpserver_test.js
@@ -200,6 +200,47 @@ exports.testMultipleHeaders = function () {
connection.getResponseCode();
};
+exports.testOptions = function() {
+ server.stop();
+ var config = {
+ host: host,
+ port: port,
+ sessions: false,
+ security: false
+ };
+ server = new Server(config);
+ server.start();
+ var cx = server.getDefaultContext();
+ assert.isNull(cx.getHandler().getSessionHandler());
+ assert.isNull(cx.getHandler().getSecurityHandler());
+ server.stop();
+ // enable sessions
+ config.sessions = true;
+ config.security = true;
+ server = new Server(config);
+ server.start();
+ cx = server.getDefaultContext();
+ assert.isNotNull(cx.getHandler().getSecurityHandler());
+ var sessionHandler = cx.getHandler().getSessionHandler();
+ assert.isNotNull(sessionHandler);
+ var sessionManager = sessionHandler.getSessionManager();
+ assert.strictEqual(sessionManager.getSessionCookie(), "JSESSIONID");
+ assert.isFalse(sessionManager.getHttpOnly());
+ assert.isFalse(sessionManager.getSecureCookies());
+ server.stop();
+ // configure session cookies
+ config.cookieName = "ringosession";
+ config.httpOnlyCookies = true;
+ config.secureCookies = true;
+ server = new Server(config);
+ server.start();
+ cx = server.getDefaultContext();
+ sessionManager = cx.getHandler().getSessionHandler().getSessionManager();
+ assert.strictEqual(sessionManager.getSessionCookie(), config.cookieName);
+ assert.isTrue(sessionManager.getHttpOnly());
+ assert.isTrue(sessionManager.getSecureCookies());
+};
+
// start the test runner if we're called directly from command line
if (require.main == module.id) {
var {run} = require("test");
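Review bot: `testOptions` replaces the shared `server` three times and has no `try`/`finally`, so a failed assertion after the first `server.start()` leaves a differently configured server bound to the port. The last instance, with `cookieName: "ringosession"`, is never stopped inside the test either. Unless the suite's teardown (not visible here) stops `server`, later tests inherit that state; wrapping each phase in `try { ... } finally { server.stop(); }` would isolate it. The assertions also read only the session manager's getters, so a request that creates a session and checks the `Set-Cookie` header for the name and the `HttpOnly`/`Secure` attributes would confirm the settings reach the response. A case for `getContext` called without the cookie options would cover the other entry point.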