//
// Authors:
// Gonzalo Paniagua Javier (gonzalo@ximian.com)
-// Stefan Görling (stefan@gorling.se)
+// Stefan Görling (stefan@gorling.se)
// Jackson Harper (jackson@ximian.com)
//
-// (C) 2002,2003,2004,2005 Novell, Inc (http://www.novell.com)
-// (C) 2003 Stefan Görling (http://www.gorling.se)
-
+// Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
+// (C) 2003 Stefan Görling (http://www.gorling.se)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-using System.Web;
+#if !NET_2_0
+using System.Web.Configuration;
using System.Web.Caching;
using System.Web.Util;
using System.Security.Cryptography;
+using System.Security.Permissions;
namespace System.Web.SessionState
{
+ // CAS - no InheritanceDemand here as the class is sealed
+ [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public sealed class SessionStateModule : IHttpModule
{
- internal static readonly string CookieName = "ASPSESSION";
- internal static readonly string HeaderName = "AspFilterSessionId";
+ internal const string CookieName = "ASPSESSION";
+ internal const string HeaderName = "AspFilterSessionId";
static object locker = new object ();
#if TARGET_J2EE
- static private SessionConfig config {
+static private SessionConfig config {
get {
return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
}
static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
+ [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
public SessionStateModule ()
{
}
}
}
+ [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
public void Init (HttpApplication app)
{
sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
if (id == null)
return;
- context.Request.SetCurrentExePath (UrlUtils.RemoveSessionId (base_path,
- context.Request.FilePath));
+ string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
+ context.Request.SetFilePath (new_path);
context.Request.SetHeader (HeaderName, id);
- context.Response.SetAppPathModifier (String.Format ("({0})", id));
+ context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
}
void OnReleaseRequestState (object o, EventArgs args)
internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
{
+ SessionConfig cfg = GetConfig ();
+
// Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
- if (GetConfig ().Mode == SessionStateMode.InProc)
+ if (cfg.Mode == SessionStateMode.InProc)
HttpApplicationFactory.InvokeSessionEnd (value);
}
}
}
+#endif