2 // System.Web.SessionState.SesionStateModule
5 // Gonzalo Paniagua Javier (gonzalo@ximian.com)
6 // Stefan Görling (stefan@gorling.se)
7 // Jackson Harper (jackson@ximian.com)
9 // Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
10 // (C) 2003 Stefan Görling (http://www.gorling.se)
12 // Permission is hereby granted, free of charge, to any person obtaining
13 // a copy of this software and associated documentation files (the
14 // "Software"), to deal in the Software without restriction, including
15 // without limitation the rights to use, copy, modify, merge, publish,
16 // distribute, sublicense, and/or sell copies of the Software, and to
17 // permit persons to whom the Software is furnished to do so, subject to
18 // the following conditions:
20 // The above copyright notice and this permission notice shall be
21 // included in all copies or substantial portions of the Software.
23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
33 using System.Web.Configuration;
34 using System.Web.Caching;
35 using System.Web.Util;
36 using System.Security.Cryptography;
37 using System.Security.Permissions;
39 namespace System.Web.SessionState
41 // CAS - no InheritanceDemand here as the class is sealed
42 [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
43 public sealed class SessionStateModule : IHttpModule
45 internal const string CookieName = "ASPSESSION";
46 internal const string HeaderName = "AspFilterSessionId";
47 static object locker = new object ();
51 static private SessionStateSection config {
54 return (SessionStateSection) AppDomain.CurrentDomain.GetData ("SessionStateModule.config");
58 AppDomain.CurrentDomain.SetData ("SessionStateModule.config", value);
61 static private Type handlerType
65 return (Type) AppDomain.CurrentDomain.GetData ("SessionStateModule.handlerType");
69 AppDomain.CurrentDomain.SetData ("SessionStateModule.handlerType", value);
73 static private SessionConfig config {
75 return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
78 AppDomain.CurrentDomain.SetData("SessionStateModule.config", value);
81 static private Type handlerType {
83 return (Type)AppDomain.CurrentDomain.GetData("SessionStateModule.handlerType");
86 AppDomain.CurrentDomain.SetData("SessionStateModule.handlerType", value);
92 static SessionStateSection config;
94 static SessionConfig config;
96 static Type handlerType;
98 ISessionHandler handler;
99 bool sessionForStaticFiles;
101 static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
103 [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
104 public SessionStateModule ()
108 internal RandomNumberGenerator Rng {
112 public void Dispose ()
119 SessionStateSection GetConfig ()
121 SessionConfig GetConfig ()
129 config = (SessionStateSection) WebConfigurationManager.GetSection ("system.web/sessionState");
131 config = (SessionConfig) HttpContext.GetAppConfig ("system.web/sessionState");
133 config = new SessionConfig (null);
137 if (config.Mode == SessionStateMode.SQLServer || config.Mode == SessionStateMode.StateServer)
138 throw new NotImplementedException("You must use web.xml to specify session state handling");
140 if (config.Mode == SessionStateMode.StateServer)
141 handlerType = typeof (SessionStateServerHandler);
143 if (config.Mode == SessionStateMode.SQLServer)
144 handlerType = typeof (SessionSQLServerHandler);
146 if (config.Mode == SessionStateMode.InProc)
147 handlerType = typeof (SessionInProcHandler);
153 [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
154 public void Init (HttpApplication app)
156 sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
158 SessionStateSection cfg = GetConfig ();
160 SessionConfig cfg = GetConfig ();
162 if (handlerType == null)
166 app.BeginRequest += new EventHandler (OnBeginRequest);
168 app.AcquireRequestState += new EventHandler (OnAcquireState);
169 app.ReleaseRequestState += new EventHandler (OnReleaseRequestState);
170 app.EndRequest += new EventHandler (OnEndRequest);
172 if (handlerType != null && handler == null) {
173 handler = (ISessionHandler) Activator.CreateInstance (handlerType);
174 handler.Init (this, app, cfg); //initialize
178 void OnBeginRequest (object o, EventArgs args)
180 HttpApplication application = (HttpApplication) o;
181 HttpContext context = application.Context;
182 string base_path = context.Request.BaseVirtualDir;
183 string id = UrlUtils.GetSessionId (base_path);
188 string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
189 context.Request.SetFilePath (new_path);
190 context.Request.SetHeader (HeaderName, id);
191 context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
194 void OnReleaseRequestState (object o, EventArgs args)
199 HttpApplication application = (HttpApplication) o;
200 HttpContext context = application.Context;
201 handler.UpdateHandler (context, this);
204 void OnEndRequest (object o, EventArgs args)
208 void OnAcquireState (object o, EventArgs args)
210 HttpApplication application = (HttpApplication) o;
211 HttpContext context = application.Context;
213 bool required = (context.Handler is IRequiresSessionState);
215 // This is a hack. Sites that use Session in global.asax event handling code
216 // are not supposed to get a Session object for static files, but seems that
217 // IIS handles those files before getting there and thus they are served without
219 // As a workaround, setting MONO_XSP_STATIC_SESSION variable make this work
220 // on mono, but you lose performance when serving static files.
221 if (sessionForStaticFiles && context.Handler is StaticFileHandler)
225 bool read_only = (context.Handler is IReadOnlySessionState);
228 HttpSessionState session = null;
230 session = handler.UpdateContext (context, this, required, read_only, ref isNew);
232 if (session != null) {
234 session.SetNewSession (true);
237 session = session.Clone ();
239 context.SetSession (session);
241 HttpRequest request = context.Request;
242 HttpResponse response = context.Response;
243 string id = context.Session.SessionID;
244 if (isNew && config.CookieLess) {
245 request.SetHeader (HeaderName, id);
246 response.Redirect (UrlUtils.InsertSessionId (id, request.FilePath));
248 HttpCookie cookie = new HttpCookie (CookieName, id);
249 cookie.Path = request.ApplicationPath;
250 context.Response.AppendCookie (cookie);
258 void OnSessionStart ()
261 Start (this, EventArgs.Empty);
264 internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
267 SessionStateSection cfg = GetConfig ();
269 SessionConfig cfg = GetConfig ();
272 // Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
273 if (cfg.Mode == SessionStateMode.InProc)
274 HttpApplicationFactory.InvokeSessionEnd (value);
277 public event EventHandler Start;
279 // This event is public, but only Session_[On]End in global.asax will be invoked if present.
280 public event EventHandler End;