mcs/class/System.Web/System.Web.SessionState/SessionStateModule.cs

   1 //
   2 // System.Web.SessionState.SesionStateModule
   3 //
   4 // Authors:
   5 //      Gonzalo Paniagua Javier (gonzalo@ximian.com)
   6 //      Stefan Görling (stefan@gorling.se)
   7 //      Jackson Harper (jackson@ximian.com)
   8 //
   9 // Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
  10 // (C) 2003 Stefan Görling (http://www.gorling.se)
  11 //
  12 // Permission is hereby granted, free of charge, to any person obtaining
  13 // a copy of this software and associated documentation files (the
  14 // "Software"), to deal in the Software without restriction, including
  15 // without limitation the rights to use, copy, modify, merge, publish,
  16 // distribute, sublicense, and/or sell copies of the Software, and to
  17 // permit persons to whom the Software is furnished to do so, subject to
  18 // the following conditions:
  19 //
  20 // The above copyright notice and this permission notice shall be
  21 // included in all copies or substantial portions of the Software.
  22 //
  23 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
  24 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
  25 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
  26 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
  27 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
  28 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
  29 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
  30 //
  31
  32
  33 using System.Web.Configuration;
  34 using System.Web.Caching;
  35 using System.Web.Util;
  36 using System.Security.Cryptography;
  37 using System.Security.Permissions;
  38
  39 namespace System.Web.SessionState
  40 {
  41         // CAS - no InheritanceDemand here as the class is sealed
  42         [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
  43         public sealed class SessionStateModule : IHttpModule
  44         {
  45                 internal const string CookieName = "ASPSESSION";
  46                 internal const string HeaderName = "AspFilterSessionId";
  47                 static object locker = new object ();
  48
  49 #if TARGET_J2EE
  50 #if NET_2_0
  51                 static private SessionStateSection config {
  52                         get
  53                         {
  54                                 return (SessionStateSection) AppDomain.CurrentDomain.GetData ("SessionStateModule.config");
  55                         }
  56                         set
  57                         {
  58                                 AppDomain.CurrentDomain.SetData ("SessionStateModule.config", value);
  59                         }
  60                 }
  61                 static private Type handlerType
  62                 {
  63                         get
  64                         {
  65                                 return (Type) AppDomain.CurrentDomain.GetData ("SessionStateModule.handlerType");
  66                         }
  67                         set
  68                         {
  69                                 AppDomain.CurrentDomain.SetData ("SessionStateModule.handlerType", value);
  70                         }
  71                 }
  72 #else
  73                 static private SessionConfig config {
  74                         get {
  75                                 return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
  76                         }
  77                         set {
  78                                 AppDomain.CurrentDomain.SetData("SessionStateModule.config", value);
  79                         }
  80                 }
  81                 static private Type handlerType {
  82                         get {
  83                                 return (Type)AppDomain.CurrentDomain.GetData("SessionStateModule.handlerType");
  84                         }
  85                         set {
  86                                 AppDomain.CurrentDomain.SetData("SessionStateModule.handlerType", value);
  87                         }
  88                 }
  89 #endif
  90 #else
  91 #if NET_2_0
  92                 static SessionStateSection config;
  93 #else
  94                 static SessionConfig config;
  95 #endif
  96                 static Type handlerType;
  97 #endif
  98                 ISessionHandler handler;
  99                 bool sessionForStaticFiles;
 100
 101                 static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
 102
 103                 [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
 104                 public SessionStateModule ()
 105                 {
 106                 }
 107
 108                 internal RandomNumberGenerator Rng {
 109                         get { return rng; }
 110                 }
 111
 112                 public void Dispose ()
 113                 {
 114                     if (handler!=null)
 115                         handler.Dispose();
 116                 }
 117
 118 #if NET_2_0
 119                 SessionStateSection GetConfig ()
 120 #else
 121                 SessionConfig GetConfig ()
 122 #endif
 123                 {
 124                         lock (locker) {
 125                                 if (config != null)
 126                                         return config;
 127
 128 #if NET_2_0
 129                                 config = (SessionStateSection) WebConfigurationManager.GetSection ("system.web/sessionState");
 130 #else
 131                                 config = (SessionConfig) HttpContext.GetAppConfig ("system.web/sessionState");
 132                                 if (config ==  null)
 133                                         config = new SessionConfig (null);
 134 #endif
 135
 136 #if TARGET_J2EE
 137                                 if (config.Mode == SessionStateMode.SQLServer || config.Mode == SessionStateMode.StateServer)
 138                                         throw new NotImplementedException("You must use web.xml to specify session state handling");
 139 #else
 140                                 if (config.Mode == SessionStateMode.StateServer)
 141                                         handlerType = typeof (SessionStateServerHandler);
 142
 143                                 if (config.Mode == SessionStateMode.SQLServer)
 144                                         handlerType = typeof (SessionSQLServerHandler);
 145 #endif
 146                                 if (config.Mode == SessionStateMode.InProc)
 147                                         handlerType = typeof (SessionInProcHandler);
 148
 149                                 return config;
 150                         }
 151                 }
 152
 153                 [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
 154                 public void Init (HttpApplication app)
 155                 {
 156                         sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
 157 #if NET_2_0
 158                         SessionStateSection cfg = GetConfig ();
 159 #else
 160                         SessionConfig cfg = GetConfig ();
 161 #endif
 162                         if (handlerType == null)
 163                                 return;
 164
 165                         if (cfg.CookieLess)
 166                                 app.BeginRequest += new EventHandler (OnBeginRequest);
 167
 168                         app.AcquireRequestState += new EventHandler (OnAcquireState);
 169                         app.ReleaseRequestState += new EventHandler (OnReleaseRequestState);
 170                         app.EndRequest += new EventHandler (OnEndRequest);
 171
 172                         if (handlerType != null && handler == null) {
 173                                 handler = (ISessionHandler) Activator.CreateInstance (handlerType);
 174                                 handler.Init (this, app, cfg); //initialize
 175                         }
 176                 }
 177
 178                 void OnBeginRequest (object o, EventArgs args)
 179                 {
 180                         HttpApplication application = (HttpApplication) o;
 181                         HttpContext context = application.Context;
 182                         string base_path = context.Request.BaseVirtualDir;
 183                         string id = UrlUtils.GetSessionId (base_path);
 184
 185                         if (id == null)
 186                                 return;
 187
 188                         string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
 189                         context.Request.SetFilePath (new_path);
 190                         context.Request.SetHeader (HeaderName, id);
 191                         context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
 192                 }
 193
 194                 void OnReleaseRequestState (object o, EventArgs args)
 195                 {
 196                         if (handler == null)
 197                                 return;
 198
 199                         HttpApplication application = (HttpApplication) o;
 200                         HttpContext context = application.Context;
 201                         handler.UpdateHandler (context, this);
 202                 }
 203
 204                 void OnEndRequest (object o, EventArgs args)
 205                 {
 206                 }
 207
 208                 void OnAcquireState (object o, EventArgs args)
 209                 {
 210                         HttpApplication application = (HttpApplication) o;
 211                         HttpContext context = application.Context;
 212
 213                         bool required = (context.Handler is IRequiresSessionState);
 214
 215                         // This is a hack. Sites that use Session in global.asax event handling code
 216                         // are not supposed to get a Session object for static files, but seems that
 217                         // IIS handles those files before getting there and thus they are served without
 218                         // error.
 219                         // As a workaround, setting MONO_XSP_STATIC_SESSION variable make this work
 220                         // on mono, but you lose performance when serving static files.
 221                         if (sessionForStaticFiles && context.Handler is StaticFileHandler)
 222                                 required = true;
 223                         // hack end
 224
 225                         bool read_only = (context.Handler is IReadOnlySessionState);
 226
 227                         bool isNew = false;
 228                         HttpSessionState session = null;
 229                         if (handler != null)
 230                                 session = handler.UpdateContext (context, this, required, read_only, ref isNew);
 231
 232                         if (session != null) {
 233                                 if (isNew)
 234                                         session.SetNewSession (true);
 235
 236                                 if (read_only)
 237                                         session = session.Clone ();
 238
 239                                 context.SetSession (session);
 240
 241                                 HttpRequest request = context.Request;
 242                                 HttpResponse response = context.Response;
 243                                 string id = context.Session.SessionID;
 244                                 if (isNew && config.CookieLess) {
 245                                         request.SetHeader (HeaderName, id);
 246                                         response.Redirect (UrlUtils.InsertSessionId (id, request.FilePath));
 247                                 } else if (isNew) {
 248                                         HttpCookie cookie = new HttpCookie (CookieName, id);
 249                                         cookie.Path = request.ApplicationPath;
 250                                         context.Response.AppendCookie (cookie);
 251                                 }
 252
 253                                 if (isNew)
 254                                         OnSessionStart ();
 255                         }
 256                 }
 257
 258                 void OnSessionStart ()
 259                 {
 260                         if (Start != null)
 261                                 Start (this, EventArgs.Empty);
 262                 }
 263
 264                 internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
 265                 {
 266 #if NET_2_0
 267                         SessionStateSection cfg = GetConfig ();
 268 #else
 269                         SessionConfig cfg = GetConfig ();
 270 #endif
 271
 272                         // Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
 273                         if (cfg.Mode == SessionStateMode.InProc)
 274                                 HttpApplicationFactory.InvokeSessionEnd (value);
 275                 }
 276
 277                 public event EventHandler Start;
 278
 279                 // This event is public, but only Session_[On]End in global.asax will be invoked if present.
 280                 public event EventHandler End;
 281         }
 282 }
 283