//
// Authors:
// Gonzalo Paniagua Javier (gonzalo@ximian.com)
-// Stefan Görling (stefan@gorling.se)
+// Stefan Görling (stefan@gorling.se)
// Jackson Harper (jackson@ximian.com)
//
-// (C) 2002,2003,2004,2005 Novell, Inc (http://www.novell.com)
-// (C) 2003 Stefan Görling (http://www.gorling.se)
-
+// Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
+// (C) 2003 Stefan Görling (http://www.gorling.se)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-using System.Web;
+
+using System.Web.Configuration;
using System.Web.Caching;
using System.Web.Util;
using System.Security.Cryptography;
+using System.Security.Permissions;
namespace System.Web.SessionState
{
+ // CAS - no InheritanceDemand here as the class is sealed
+ [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public sealed class SessionStateModule : IHttpModule
{
- internal static readonly string CookieName = "ASPSESSION";
- internal static readonly string HeaderName = "AspFilterSessionId";
+ internal const string CookieName = "ASPSESSION";
+ internal const string HeaderName = "AspFilterSessionId";
+ static object locker = new object ();
-#if !TARGET_J2EE
- static SessionConfig config;
- static Type handlerType;
+#if TARGET_J2EE
+#if NET_2_0
+ static private SessionStateSection config {
+ get
+ {
+ return (SessionStateSection) AppDomain.CurrentDomain.GetData ("SessionStateModule.config");
+ }
+ set
+ {
+ AppDomain.CurrentDomain.SetData ("SessionStateModule.config", value);
+ }
+ }
+ static private Type handlerType
+ {
+ get
+ {
+ return (Type) AppDomain.CurrentDomain.GetData ("SessionStateModule.handlerType");
+ }
+ set
+ {
+ AppDomain.CurrentDomain.SetData ("SessionStateModule.handlerType", value);
+ }
+ }
#else
static private SessionConfig config {
get {
AppDomain.CurrentDomain.SetData("SessionStateModule.handlerType", value);
}
}
+#endif
+#else
+#if NET_2_0
+ static SessionStateSection config;
+#else
+ static SessionConfig config;
+#endif
+ static Type handlerType;
#endif
ISessionHandler handler;
bool sessionForStaticFiles;
- static RandomNumberGenerator rng = new RNGCryptoServiceProvider ();
+ static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
+ [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
public SessionStateModule ()
{
}
handler.Dispose();
}
- public void Init (HttpApplication app)
+#if NET_2_0
+ SessionStateSection GetConfig ()
+#else
+ SessionConfig GetConfig ()
+#endif
{
- sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
- if (config == null) {
+ lock (locker) {
+ if (config != null)
+ return config;
+
+#if NET_2_0
+ config = (SessionStateSection) WebConfigurationManager.GetSection ("system.web/sessionState");
+#else
config = (SessionConfig) HttpContext.GetAppConfig ("system.web/sessionState");
if (config == null)
config = new SessionConfig (null);
+#endif
#if TARGET_J2EE
if (config.Mode == SessionStateMode.SQLServer || config.Mode == SessionStateMode.StateServer)
if (config.Mode == SessionStateMode.SQLServer)
handlerType = typeof (SessionSQLServerHandler);
#endif
-
if (config.Mode == SessionStateMode.InProc)
handlerType = typeof (SessionInProcHandler);
- if (config.Mode == SessionStateMode.Off)
- return;
+ return config;
}
+ }
- if (config.CookieLess)
+ [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
+ public void Init (HttpApplication app)
+ {
+ sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
+#if NET_2_0
+ SessionStateSection cfg = GetConfig ();
+#else
+ SessionConfig cfg = GetConfig ();
+#endif
+ if (handlerType == null)
+ return;
+
+ if (cfg.CookieLess)
app.BeginRequest += new EventHandler (OnBeginRequest);
-
- app.AddOnAcquireRequestStateAsync (
- new BeginEventHandler (OnBeginAcquireState),
- new EndEventHandler (OnEndAcquireState));
+ app.AcquireRequestState += new EventHandler (OnAcquireState);
app.ReleaseRequestState += new EventHandler (OnReleaseRequestState);
app.EndRequest += new EventHandler (OnEndRequest);
if (handlerType != null && handler == null) {
handler = (ISessionHandler) Activator.CreateInstance (handlerType);
- handler.Init (this, app, config); //initialize
+ handler.Init (this, app, cfg); //initialize
}
}
if (id == null)
return;
- context.Request.SetCurrentExePath (UrlUtils.RemoveSessionId (base_path,
- context.Request.FilePath));
+ string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
+ context.Request.SetFilePath (new_path);
context.Request.SetHeader (HeaderName, id);
- context.Response.SetAppPathModifier (String.Format ("({0})", id));
+ context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
}
void OnReleaseRequestState (object o, EventArgs args)
{
}
- IAsyncResult OnBeginAcquireState (object o, EventArgs args, AsyncCallback cb, object data)
+ void OnAcquireState (object o, EventArgs args)
{
HttpApplication application = (HttpApplication) o;
HttpContext context = application.Context;
context.SetSession (session);
+ HttpRequest request = context.Request;
+ HttpResponse response = context.Response;
+ string id = context.Session.SessionID;
if (isNew && config.CookieLess) {
- string id = context.Session.SessionID;
- context.Request.SetHeader (HeaderName, id);
- context.Response.Redirect (UrlUtils.InsertSessionId (id,
- context.Request.FilePath));
+ request.SetHeader (HeaderName, id);
+ response.Redirect (UrlUtils.InsertSessionId (id, request.FilePath));
} else if (isNew) {
- string id = context.Session.SessionID;
HttpCookie cookie = new HttpCookie (CookieName, id);
- cookie.Path = UrlUtils.GetDirectory (context.Request.ApplicationPath);
+ cookie.Path = request.ApplicationPath;
context.Response.AppendCookie (cookie);
}
+
+ if (isNew)
+ OnSessionStart ();
}
-
- // In the future, we might want to move the Async stuff down to
- // the interface level, if we're going to support other than
- // InProc, we might actually want to do things async, now we
- // simply fake it.
- HttpAsyncResult result=new HttpAsyncResult (cb,this);
- result.Complete (true, o, null);
- if (isNew && Start != null)
- Start (this, args);
-
- return result;
}
- void OnEndAcquireState (IAsyncResult result) { }
-
- internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
+ void OnSessionStart ()
{
- OnEnd ();
+ if (Start != null)
+ Start (this, EventArgs.Empty);
}
- internal void OnEnd ()
+ internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
{
-#if !TARGET_J2EE
- if (End != null)
- End (this, EventArgs.Empty);
-#endif
+#if NET_2_0
+ SessionStateSection cfg = GetConfig ();
+#else
+ SessionConfig cfg = GetConfig ();
+#endif
+
+ // Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
+ if (cfg.Mode == SessionStateMode.InProc)
+ HttpApplicationFactory.InvokeSessionEnd (value);
}
public event EventHandler Start;
+
+ // This event is public, but only Session_[On]End in global.asax will be invoked if present.
public event EventHandler End;
}
}