//
// Authors:
// Gonzalo Paniagua Javier (gonzalo@ximian.com)
-// Stefan Görling (stefan@gorling.se)
+// Stefan Görling (stefan@gorling.se)
+// Jackson Harper (jackson@ximian.com)
+//
+// Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
+// (C) 2003 Stefan Görling (http://www.gorling.se)
+//
+// Permission is hereby granted, free of charge, to any person obtaining
+// a copy of this software and associated documentation files (the
+// "Software"), to deal in the Software without restriction, including
+// without limitation the rights to use, copy, modify, merge, publish,
+// distribute, sublicense, and/or sell copies of the Software, and to
+// permit persons to whom the Software is furnished to do so, subject to
+// the following conditions:
+//
+// The above copyright notice and this permission notice shall be
+// included in all copies or substantial portions of the Software.
+//
+// THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+// EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+// MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+// NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+// LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+// OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-// (C) 2002,2003 Ximian, Inc (http://www.ximian.com)
-// (C) 2003 Stefan Görling (http://www.gorling.se)
-using System.Web;
+
+using System.Web.Configuration;
+using System.Web.Caching;
+using System.Web.Util;
using System.Security.Cryptography;
+using System.Security.Permissions;
namespace System.Web.SessionState
{
- [MonoTODO]
- public sealed class SessionStateModule : IHttpModule, IRequiresSessionState
+ // CAS - no InheritanceDemand here as the class is sealed
+ [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
+ public sealed class SessionStateModule : IHttpModule
{
+ internal const string CookieName = "ASPSESSION";
+ internal const string HeaderName = "AspFilterSessionId";
+ static object locker = new object ();
+
+#if TARGET_J2EE
+#if NET_2_0
+ static private SessionStateSection config {
+ get
+ {
+ return (SessionStateSection) AppDomain.CurrentDomain.GetData ("SessionStateModule.config");
+ }
+ set
+ {
+ AppDomain.CurrentDomain.SetData ("SessionStateModule.config", value);
+ }
+ }
+ static private Type handlerType
+ {
+ get
+ {
+ return (Type) AppDomain.CurrentDomain.GetData ("SessionStateModule.handlerType");
+ }
+ set
+ {
+ AppDomain.CurrentDomain.SetData ("SessionStateModule.handlerType", value);
+ }
+ }
+#else
+ static private SessionConfig config {
+ get {
+ return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
+ }
+ set {
+ AppDomain.CurrentDomain.SetData("SessionStateModule.config", value);
+ }
+ }
+ static private Type handlerType {
+ get {
+ return (Type)AppDomain.CurrentDomain.GetData("SessionStateModule.handlerType");
+ }
+ set {
+ AppDomain.CurrentDomain.SetData("SessionStateModule.handlerType", value);
+ }
+ }
+#endif
+#else
+#if NET_2_0
+ static SessionStateSection config;
+#else
static SessionConfig config;
+#endif
static Type handlerType;
+#endif
ISessionHandler handler;
-
- private RandomNumberGenerator rng;
+ bool sessionForStaticFiles;
+ static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
+
+ [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
public SessionStateModule ()
{
- rng = new RNGCryptoServiceProvider ();
}
- internal RandomNumberGenerator Rng {
- get { return rng; }
- }
-
+ internal RandomNumberGenerator Rng {
+ get { return rng; }
+ }
+
public void Dispose ()
{
if (handler!=null)
handler.Dispose();
}
- [MonoTODO]
- public void Init (HttpApplication app)
+#if NET_2_0
+ SessionStateSection GetConfig ()
+#else
+ SessionConfig GetConfig ()
+#endif
{
- if (config == null) {
+ lock (locker) {
+ if (config != null)
+ return config;
+
+#if NET_2_0
+ config = (SessionStateSection) WebConfigurationManager.GetSection ("system.web/sessionState");
+#else
config = (SessionConfig) HttpContext.GetAppConfig ("system.web/sessionState");
if (config == null)
config = new SessionConfig (null);
+#endif
+#if TARGET_J2EE
+ if (config.Mode == SessionStateMode.SQLServer || config.Mode == SessionStateMode.StateServer)
+ throw new NotImplementedException("You must use web.xml to specify session state handling");
+#else
if (config.Mode == SessionStateMode.StateServer)
handlerType = typeof (SessionStateServerHandler);
if (config.Mode == SessionStateMode.SQLServer)
handlerType = typeof (SessionSQLServerHandler);
-
+#endif
if (config.Mode == SessionStateMode.InProc)
handlerType = typeof (SessionInProcHandler);
+
+ return config;
}
-
- app.AddOnAcquireRequestStateAsync (
- new BeginEventHandler (OnBeginAcquireState),
- new EndEventHandler (OnEndAcquireState));
+ }
+ [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
+ public void Init (HttpApplication app)
+ {
+ sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
+#if NET_2_0
+ SessionStateSection cfg = GetConfig ();
+#else
+ SessionConfig cfg = GetConfig ();
+#endif
+ if (handlerType == null)
+ return;
+
+ if (cfg.CookieLess)
+ app.BeginRequest += new EventHandler (OnBeginRequest);
+
+ app.AcquireRequestState += new EventHandler (OnAcquireState);
app.ReleaseRequestState += new EventHandler (OnReleaseRequestState);
app.EndRequest += new EventHandler (OnEndRequest);
if (handlerType != null && handler == null) {
handler = (ISessionHandler) Activator.CreateInstance (handlerType);
- handler.Init(app, config); //initialize
+ handler.Init (this, app, cfg); //initialize
}
}
+ void OnBeginRequest (object o, EventArgs args)
+ {
+ HttpApplication application = (HttpApplication) o;
+ HttpContext context = application.Context;
+ string base_path = context.Request.BaseVirtualDir;
+ string id = UrlUtils.GetSessionId (base_path);
+
+ if (id == null)
+ return;
+
+ string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
+ context.Request.SetFilePath (new_path);
+ context.Request.SetHeader (HeaderName, id);
+ context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
+ }
+
void OnReleaseRequestState (object o, EventArgs args)
{
if (handler == null)
{
}
- IAsyncResult OnBeginAcquireState (object o, EventArgs args, AsyncCallback cb, object data)
+ void OnAcquireState (object o, EventArgs args)
{
-
HttpApplication application = (HttpApplication) o;
HttpContext context = application.Context;
+ bool required = (context.Handler is IRequiresSessionState);
+
+ // This is a hack. Sites that use Session in global.asax event handling code
+ // are not supposed to get a Session object for static files, but seems that
+ // IIS handles those files before getting there and thus they are served without
+ // error.
+ // As a workaround, setting MONO_XSP_STATIC_SESSION variable make this work
+ // on mono, but you lose performance when serving static files.
+ if (sessionForStaticFiles && context.Handler is StaticFileHandler)
+ required = true;
+ // hack end
+
+ bool read_only = (context.Handler is IReadOnlySessionState);
+
bool isNew = false;
+ HttpSessionState session = null;
if (handler != null)
- isNew = handler.UpdateContext (context, this);
-
- // In the future, we might want to move the Async stuff down to
- // the interface level, if we're going to support other than
- // InProc, we might actually want to do things async, now we
- // simply fake it.
- HttpAsyncResult result=new HttpAsyncResult (cb,this);
- result.Complete (true, o, null);
- if (isNew && Start != null)
- Start (this, args);
-
- return result;
+ session = handler.UpdateContext (context, this, required, read_only, ref isNew);
+
+ if (session != null) {
+ if (isNew)
+ session.SetNewSession (true);
+
+ if (read_only)
+ session = session.Clone ();
+
+ context.SetSession (session);
+
+ HttpRequest request = context.Request;
+ HttpResponse response = context.Response;
+ string id = context.Session.SessionID;
+ if (isNew && config.CookieLess) {
+ request.SetHeader (HeaderName, id);
+ response.Redirect (UrlUtils.InsertSessionId (id, request.FilePath));
+ } else if (isNew) {
+ HttpCookie cookie = new HttpCookie (CookieName, id);
+ cookie.Path = request.ApplicationPath;
+ context.Response.AppendCookie (cookie);
+ }
+
+ if (isNew)
+ OnSessionStart ();
+ }
}
- void OnEndAcquireState (IAsyncResult result)
+ void OnSessionStart ()
{
+ if (Start != null)
+ Start (this, EventArgs.Empty);
}
- internal void OnEnd ()
+ internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
{
- if (End != null)
- End (this, EventArgs.Empty);
+#if NET_2_0
+ SessionStateSection cfg = GetConfig ();
+#else
+ SessionConfig cfg = GetConfig ();
+#endif
+
+ // Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
+ if (cfg.Mode == SessionStateMode.InProc)
+ HttpApplicationFactory.InvokeSessionEnd (value);
}
public event EventHandler Start;
+
+ // This event is public, but only Session_[On]End in global.asax will be invoked if present.
public event EventHandler End;
}
}
-
-
-