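//
// System.Web.Compilation.SessionStateItemCollection
//
// Authors:
//   Marek Habersack (grendello@gmail.com)
//
// (C) 2006 Marek Habersack
//

//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// "Software"), to deal in the Software without restriction, including
// without limitation the rights to use, copy, modify, merge, publish,
// distribute, sublicense, and/or sell copies of the Software, and to
// permit persons to whom the Software is furnished to do so, subject to
// the following conditions:
//
// The above copyright notice and this permission notice shall be
// included in all copies or substantial portions of the Software.
//
// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
#if NET_2_0
using System.Security.Cryptography;
using System.Web;
using System.Web.Configuration;
using System.Web.Util;

namespace System.Web.SessionState
{
	/// <summary>
	/// Creates session identifiers, reads them from incoming requests and
	/// writes them to responses, either as a cookie or (in cookieless mode)
	/// as part of the request path.
	/// </summary>
	/// <remarks>
	/// <see cref="Initialize"/> loads the <c>system.web/sessionState</c>
	/// section into <c>config</c>; every other instance method that touches
	/// <c>config</c> relies on that call having happened first.
	/// </remarks>
	public class SessionIDManager : ISessionIDManager
	{
		// Populated by Initialize (); null until then.
		SessionStateSection config;

		public SessionIDManager ()
		{
		}

		/// <summary>
		/// Upper bound, in characters, on a decoded session identifier read
		/// from a request. <see cref="GetSessionID"/> rejects longer values.
		/// </summary>
		public static int SessionIDMaxLength {
			get { return 80; }
		}

		// Todo: find use for the context parameter?
		/// <summary>Returns a new identifier produced by <c>SessionId.Create</c>.</summary>
		/// <param name="context">Currently unused.</param>
		public virtual string CreateSessionID (HttpContext context)
		{
			return SessionId.Create ();
		}

		/// <summary>URL-decodes an identifier taken from the request.</summary>
		public virtual string Decode (string id)
		{
			return HttpUtility.UrlDecode (id);
		}

		/// <summary>URL-encodes an identifier.</summary>
		public virtual string Encode (string id)
		{
			return HttpUtility.UrlEncode (id);
		}

		/// <summary>
		/// Extracts the session identifier from the current request.
		/// </summary>
		/// <param name="context">The request context to read from.</param>
		/// <returns>
		/// The decoded identifier, or <c>null</c> when the request carries
		/// neither the session header (cookieless mode) nor the session cookie.
		/// </returns>
		/// <exception cref="HttpException">
		/// The decoded value is longer than <see cref="SessionIDMaxLength"/>,
		/// or <see cref="Validate"/> rejects it.
		/// </exception>
		/// <remarks>
		/// The value comes straight from the client and must be treated as
		/// untrusted. The length limit and <see cref="Validate"/> are the only
		/// checks applied here before it is returned to the caller.
		/// </remarks>
		public string GetSessionID (HttpContext context)
		{
			string ret = null;

			if (SessionStateModule.IsCookieLess (context, config)) {
				string tmp = context.Request.Headers [SessionStateModule.HeaderName];
				if (tmp != null)
					ret = Decode (tmp);
			} else {
				HttpCookie cookie = context.Request.Cookies [config.CookieName];
				if (cookie != null)
					ret = Decode (cookie.Value);
			}

			// No identifier in the request is the normal "new session" case:
			// return null without asking Validate to judge a null value, so an
			// overriding Validate that enforces a format (or dereferences its
			// argument) does not fail every first request.
			if (ret == null)
				return null;

			if (ret.Length > SessionIDMaxLength)
				throw new HttpException ("The length of the session-identifier value retrieved from the HTTP request exceeds the SessionIDMaxLength value.");
			if (!Validate (ret))
				throw new HttpException ("Invalid session ID");

			return ret;
		}

		/// <summary>
		/// Loads the <c>system.web/sessionState</c> configuration section.
		/// </summary>
		/// <remarks>
		/// The <c>as</c> cast leaves <c>config</c> null if the section is
		/// missing or of another type; no check is made here.
		/// </remarks>
		public void Initialize ()
		{
			config = WebConfigurationManager.GetSection ("system.web/sessionState") as SessionStateSection;
		}

		/// <summary>
		/// Per-request initialisation. Always returns <c>false</c> (no redirect
		/// was issued) and reports identifier reissue as supported only in
		/// cookieless mode.
		/// </summary>
		public bool InitializeRequest (HttpContext context, bool suppressAutoDetectRedirect, out bool supportSessionIDReissue)
		{
			// TODO: Implement AutoDetect handling
			supportSessionIDReissue = config.CookieLess;
			return false;
		}

		/// <summary>
		/// Removes the session cookie from the outgoing response's cookie
		/// collection.
		/// </summary>
		/// <remarks>
		/// NOTE(review): only the response collection is modified here; whether
		/// the browser's stored copy ends up expired depends on code outside
		/// this file - confirm before relying on this for logout.
		/// </remarks>
		public void RemoveSessionID (HttpContext context)
		{
			context.Response.Cookies.Remove (config.CookieName);
		}

		// TODO: add code to check whether the response has already been sent
		/// <summary>
		/// Sends the session identifier to the client, as a cookie or, in
		/// cookieless mode, by redirecting to a path that embeds it.
		/// </summary>
		/// <param name="context">The current request context.</param>
		/// <param name="id">The identifier to save; must pass <see cref="Validate"/>.</param>
		/// <param name="redirected">Set to <c>true</c> when a redirect was issued (cookieless mode).</param>
		/// <param name="cookieAdded">Set to <c>true</c> when a cookie was appended to the response.</param>
		/// <exception cref="HttpException"><see cref="Validate"/> rejects <paramref name="id"/>.</exception>
		/// <remarks>
		/// In cookieless mode the identifier becomes part of the URL, so it can
		/// end up in browser history, proxy and server logs, and Referer
		/// headers; prefer cookie mode where the session protects anything
		/// sensitive.
		/// </remarks>
		public void SaveSessionID (HttpContext context, string id, out bool redirected, out bool cookieAdded)
		{
			if (!Validate (id))
				throw new HttpException ("Invalid session ID");

			HttpRequest request = context.Request;
			if (!SessionStateModule.IsCookieLess (context, config)) {
				HttpCookie cookie = new HttpCookie (config.CookieName, id);
				cookie.Path = request.ApplicationPath;
				// Keep the session identifier out of reach of client-side
				// script, so a script-injection flaw elsewhere in the
				// application cannot simply read the cookie.
				cookie.HttpOnly = true;
				// NOTE(review): the Secure attribute is not set here. Whether
				// it should be depends on the site being served over HTTPS
				// only - confirm against the deployment's configuration.
				context.Response.AppendCookie (cookie);
				cookieAdded = true;
				redirected = false;
			} else {
				request.SetHeader (SessionStateModule.HeaderName, id);
				cookieAdded = false;
				redirected = true;
				UriBuilder newUri = new UriBuilder (request.Url);
				newUri.Path = UrlUtils.InsertSessionId (id, request.FilePath);
				// Only the path and query are passed on, so the redirect
				// stays on the current host.
				context.Response.Redirect (newUri.Uri.PathAndQuery, false);
			}
		}

		/// <summary>
		/// Decides whether <paramref name="id"/> is an acceptable session
		/// identifier. This base implementation accepts every value.
		/// </summary>
		/// <remarks>
		/// Because this always returns <c>true</c>, <see cref="GetSessionID"/>
		/// accepts any client-supplied string of up to
		/// <see cref="SessionIDMaxLength"/> characters. Deployments that want
		/// to reject identifiers the server could not have issued should
		/// override this and check the format that <c>SessionId.Create</c>
		/// produces (not shown in this file).
		/// </remarks>
		public virtual bool Validate (string id)
		{
			return true;
		}
	}
}
#endif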