session ID hashing started

src/resources/sessionmanager/src/java/org/wyona/yanel/impl/resources/sessionmanager/SessionManagerResource.java

@@ -47,7 +47,7 @@ protected InputStream getContentXML(String viewId) throws Exception {
         for (int i = 0; i < activeSessions.length; i++) {
             try {
                 Element sessionEl = doc.createElementNS(NAMESPACE, "session");
-                sessionEl.setAttribute("id", activeSessions[i].getId());
+                sessionEl.setAttribute("id", hashSessionID(activeSessions[i].getId()));
                 sessionEl.setAttribute("creation-time", dateFormat.format(new Date(activeSessions[i].getCreationTime())));
                 sessionEl.setAttribute("last-accessed-time", dateFormat.format(new Date(activeSessions[i].getLastAccessedTime())));
                 rootEl.appendChild(sessionEl);
@@ -68,12 +68,22 @@ protected InputStream getContentXML(String viewId) throws Exception {
                     sessionEl.appendChild(lastAccessedURLEl);
                 }
             } catch (Exception e) {
+                log.error(e.getMessage());
                 Element exceptionEl = doc.createElementNS(NAMESPACE, "exception");
-                exceptionEl.setAttribute("session-id", activeSessions[i].getId());
+                exceptionEl.setAttribute("session-id", hashSessionID(activeSessions[i].getId()));
                 exceptionEl.appendChild(doc.createTextNode(e.getMessage()));
                 rootEl.appendChild(exceptionEl);
             }
         }
         return org.wyona.commons.xml.XMLHelper.getInputStream(doc, false, false, null);
     }
+
+    /**
+     * Hash session ID in order to prevent session hijacking (http://en.wikipedia.org/wiki/Session_hijacking)
+     * @param id Real session ID
+     */
+    private String hashSessionID(String id) {
+        log.warn("TODO: Hash session ID...");
+        return id; // TODO: Hash session ID
+    }
 }