//
// Authors:
// Gonzalo Paniagua Javier (gonzalo@ximian.com)
-// Stefan Görling (stefan@gorling.se)
+// Stefan Görling (stefan@gorling.se)
// Jackson Harper (jackson@ximian.com)
//
-// (C) 2002,2003,2004,2005 Novell, Inc (http://www.novell.com)
-// (C) 2003 Stefan Görling (http://www.gorling.se)
-
+// Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
+// (C) 2003 Stefan Görling (http://www.gorling.se)
//
// Permission is hereby granted, free of charge, to any person obtaining
// a copy of this software and associated documentation files (the
// WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
//
-using System.Web;
+#if !NET_2_0
+using System.Web.Configuration;
using System.Web.Caching;
using System.Web.Util;
using System.Security.Cryptography;
+using System.Security.Permissions;
namespace System.Web.SessionState
{
+ // CAS - no InheritanceDemand here as the class is sealed
+ [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
public sealed class SessionStateModule : IHttpModule
{
- internal static readonly string CookieName = "ASPSESSION";
- internal static readonly string HeaderName = "AspFilterSessionId";
+ internal const string CookieName = "ASPSESSION";
+ internal const string HeaderName = "AspFilterSessionId";
static object locker = new object ();
#if TARGET_J2EE
- static private SessionConfig config {
+static private SessionConfig config {
get {
return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
}
ISessionHandler handler;
bool sessionForStaticFiles;
- static RandomNumberGenerator rng = new RNGCryptoServiceProvider ();
+ static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
+ [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
public SessionStateModule ()
{
}
}
}
+ [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
public void Init (HttpApplication app)
{
sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
if (handlerType == null)
return;
- if (config.CookieLess)
+ if (cfg.CookieLess)
app.BeginRequest += new EventHandler (OnBeginRequest);
app.AcquireRequestState += new EventHandler (OnAcquireState);
if (handlerType != null && handler == null) {
handler = (ISessionHandler) Activator.CreateInstance (handlerType);
- handler.Init (this, app, config); //initialize
+ handler.Init (this, app, cfg); //initialize
}
}
if (id == null)
return;
- context.Request.SetCurrentExePath (UrlUtils.RemoveSessionId (base_path,
- context.Request.FilePath));
+ string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
+ context.Request.SetFilePath (new_path);
context.Request.SetHeader (HeaderName, id);
- context.Response.SetAppPathModifier (String.Format ("({0})", id));
+ context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
}
void OnReleaseRequestState (object o, EventArgs args)
context.SetSession (session);
+ HttpRequest request = context.Request;
+ HttpResponse response = context.Response;
+ string id = context.Session.SessionID;
if (isNew && config.CookieLess) {
- string id = context.Session.SessionID;
- context.Request.SetHeader (HeaderName, id);
- context.Response.Redirect (UrlUtils.InsertSessionId (id,
- context.Request.FilePath));
+ request.SetHeader (HeaderName, id);
+ response.Redirect (UrlUtils.InsertSessionId (id, request.FilePath));
} else if (isNew) {
- string id = context.Session.SessionID;
HttpCookie cookie = new HttpCookie (CookieName, id);
- cookie.Path = UrlUtils.GetDirectory (context.Request.ApplicationPath);
+ cookie.Path = request.ApplicationPath;
context.Response.AppendCookie (cookie);
}
+
+ if (isNew)
+ OnSessionStart ();
}
}
- internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
+ void OnSessionStart ()
{
- OnEnd ();
+ if (Start != null)
+ Start (this, EventArgs.Empty);
}
- internal void OnEnd ()
+ internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
{
-#if !TARGET_J2EE
- if (End != null)
- End (this, EventArgs.Empty);
-#endif
+ SessionConfig cfg = GetConfig ();
+
+ // Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
+ if (cfg.Mode == SessionStateMode.InProc)
+ HttpApplicationFactory.InvokeSessionEnd (value);
}
public event EventHandler Start;
+
+ // This event is public, but only Session_[On]End in global.asax will be invoked if present.
public event EventHandler End;
}
}
+#endif