2 // System.Web.SessionState.SesionStateModule
5 // Gonzalo Paniagua Javier (gonzalo@ximian.com)
6 // Stefan Görling (stefan@gorling.se)
7 // Jackson Harper (jackson@ximian.com)
9 // (C) 2002,2003,2004,2005 Novell, Inc (http://www.novell.com)
10 // (C) 2003 Stefan Görling (http://www.gorling.se)
13 // Permission is hereby granted, free of charge, to any person obtaining
14 // a copy of this software and associated documentation files (the
15 // "Software"), to deal in the Software without restriction, including
16 // without limitation the rights to use, copy, modify, merge, publish,
17 // distribute, sublicense, and/or sell copies of the Software, and to
18 // permit persons to whom the Software is furnished to do so, subject to
19 // the following conditions:
21 // The above copyright notice and this permission notice shall be
22 // included in all copies or substantial portions of the Software.
24 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
25 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
26 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
27 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
28 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
29 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
30 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
34 using System.Web.Caching;
35 using System.Web.Util;
36 using System.Security.Cryptography;
38 namespace System.Web.SessionState
40 public sealed class SessionStateModule : IHttpModule
42 internal static readonly string CookieName = "ASPSESSION";
43 internal static readonly string HeaderName = "AspFilterSessionId";
46 static private SessionConfig config {
48 return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
51 AppDomain.CurrentDomain.SetData("SessionStateModule.config", value);
54 static private Type handlerType {
56 return (Type)AppDomain.CurrentDomain.GetData("SessionStateModule.handlerType");
59 AppDomain.CurrentDomain.SetData("SessionStateModule.handlerType", value);
63 static SessionConfig config;
64 static Type handlerType;
66 ISessionHandler handler;
67 bool sessionForStaticFiles;
69 static RandomNumberGenerator rng = new RNGCryptoServiceProvider ();
71 public SessionStateModule ()
75 internal RandomNumberGenerator Rng {
79 public void Dispose ()
85 public void Init (HttpApplication app)
87 sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
89 config = (SessionConfig) HttpContext.GetAppConfig ("system.web/sessionState");
91 config = new SessionConfig (null);
94 if (config.Mode == SessionStateMode.SQLServer || config.Mode == SessionStateMode.StateServer)
95 throw new NotImplementedException("You must use web.xml to specify session state handling");
97 if (config.Mode == SessionStateMode.StateServer)
98 handlerType = typeof (SessionStateServerHandler);
100 if (config.Mode == SessionStateMode.SQLServer)
101 handlerType = typeof (SessionSQLServerHandler);
104 if (config.Mode == SessionStateMode.InProc)
105 handlerType = typeof (SessionInProcHandler);
107 if (config.Mode == SessionStateMode.Off)
111 if (config.CookieLess)
112 app.BeginRequest += new EventHandler (OnBeginRequest);
114 app.AddOnAcquireRequestStateAsync (
115 new BeginEventHandler (OnBeginAcquireState),
116 new EndEventHandler (OnEndAcquireState));
118 app.ReleaseRequestState += new EventHandler (OnReleaseRequestState);
119 app.EndRequest += new EventHandler (OnEndRequest);
121 if (handlerType != null && handler == null) {
122 handler = (ISessionHandler) Activator.CreateInstance (handlerType);
123 handler.Init (this, app, config); //initialize
127 void OnBeginRequest (object o, EventArgs args)
129 HttpApplication application = (HttpApplication) o;
130 HttpContext context = application.Context;
131 string base_path = context.Request.BaseVirtualDir;
132 string id = UrlUtils.GetSessionId (base_path);
137 context.Request.SetCurrentExePath (UrlUtils.RemoveSessionId (base_path,
138 context.Request.FilePath));
139 context.Request.SetHeader (HeaderName, id);
140 context.Response.SetAppPathModifier (String.Format ("({0})", id));
143 void OnReleaseRequestState (object o, EventArgs args)
148 HttpApplication application = (HttpApplication) o;
149 HttpContext context = application.Context;
150 handler.UpdateHandler (context, this);
153 void OnEndRequest (object o, EventArgs args)
157 IAsyncResult OnBeginAcquireState (object o, EventArgs args, AsyncCallback cb, object data)
159 HttpApplication application = (HttpApplication) o;
160 HttpContext context = application.Context;
162 bool required = (context.Handler is IRequiresSessionState);
164 // This is a hack. Sites that use Session in global.asax event handling code
165 // are not supposed to get a Session object for static files, but seems that
166 // IIS handles those files before getting there and thus they are served without
168 // As a workaround, setting MONO_XSP_STATIC_SESSION variable make this work
169 // on mono, but you lose performance when serving static files.
170 if (sessionForStaticFiles && context.Handler is StaticFileHandler)
174 bool read_only = (context.Handler is IReadOnlySessionState);
177 HttpSessionState session = null;
179 session = handler.UpdateContext (context, this, required, read_only, ref isNew);
181 if (session != null) {
183 session.SetNewSession (true);
186 session = session.Clone ();
188 context.SetSession (session);
190 if (isNew && config.CookieLess) {
191 string id = context.Session.SessionID;
192 context.Request.SetHeader (HeaderName, id);
193 context.Response.Redirect (UrlUtils.InsertSessionId (id,
194 context.Request.FilePath));
196 string id = context.Session.SessionID;
197 HttpCookie cookie = new HttpCookie (CookieName, id);
198 cookie.Path = UrlUtils.GetDirectory (context.Request.ApplicationPath);
199 context.Response.AppendCookie (cookie);
203 // In the future, we might want to move the Async stuff down to
204 // the interface level, if we're going to support other than
205 // InProc, we might actually want to do things async, now we
207 HttpAsyncResult result=new HttpAsyncResult (cb,this);
208 result.Complete (true, o, null);
209 if (isNew && Start != null)
215 void OnEndAcquireState (IAsyncResult result) { }
217 internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
222 internal void OnEnd ()
226 End (this, EventArgs.Empty);
230 public event EventHandler Start;
231 public event EventHandler End;