2007-04-13 Marek Habersack <mhabersack@novell.com>

[mono.git] / mcs / class / System.Web / System.Web.SessionState / SessionStateModule.cs

diff --git a/mcs/class/System.Web/System.Web.SessionState/SessionStateModule.cs b/mcs/class/System.Web/System.Web.SessionState/SessionStateModule.cs
index d1bd169e1f34e2d4176bb589715d9e1e11224e35..1deb4fb1adc707e1638df800ba57bab1481f4fb4 100644 (file)
--- a/mcs/class/System.Web/System.Web.SessionState/SessionStateModule.cs
+++ b/mcs/class/System.Web/System.Web.SessionState/SessionStateModule.cs
@@ -3,12 +3,11 @@
 //
 // Authors:
 //     Gonzalo Paniagua Javier (gonzalo@ximian.com)
-//     Stefan Görling (stefan@gorling.se)
+//     Stefan Görling (stefan@gorling.se)
 //     Jackson Harper (jackson@ximian.com)
 //
-// (C) 2002,2003,2004,2005 Novell, Inc (http://www.novell.com)
-// (C) 2003 Stefan Görling (http://www.gorling.se)
-
+// Copyright (C) 2002-2006 Novell, Inc (http://www.novell.com)
+// (C) 2003 Stefan Görling (http://www.gorling.se)
 //
 // Permission is hereby granted, free of charge, to any person obtaining
 // a copy of this software and associated documentation files (the
@@ -30,21 +29,25 @@
 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
 //
 
-using System.Web;
+#if !NET_2_0
+using System.Web.Configuration;
 using System.Web.Caching;
 using System.Web.Util;
 using System.Security.Cryptography;
+using System.Security.Permissions;
 
 namespace System.Web.SessionState
 {
+       // CAS - no InheritanceDemand here as the class is sealed
+       [AspNetHostingPermission (SecurityAction.LinkDemand, Level = AspNetHostingPermissionLevel.Minimal)]
        public sealed class SessionStateModule : IHttpModule
        {
-               internal static readonly string CookieName = "ASPSESSION";
-               internal static readonly string HeaderName = "AspFilterSessionId";
+               internal const string CookieName = "ASPSESSION";
+               internal const string HeaderName = "AspFilterSessionId";
                static object locker = new object ();
                
 #if TARGET_J2EE                
-               static private SessionConfig config {
+static private SessionConfig config {
                        get {
                                return (SessionConfig)AppDomain.CurrentDomain.GetData("SessionStateModule.config");
                        }
@@ -67,8 +70,9 @@ namespace System.Web.SessionState
                ISessionHandler handler;
                bool sessionForStaticFiles;
                
-               static RandomNumberGenerator rng = new RNGCryptoServiceProvider ();
+               static RandomNumberGenerator rng = RandomNumberGenerator.Create ();
                
+               [SecurityPermission (SecurityAction.Demand, UnmanagedCode = true)]
                public SessionStateModule ()
                {
                }
@@ -110,6 +114,7 @@ namespace System.Web.SessionState
                        }
                }
 
+               [EnvironmentPermission (SecurityAction.Assert, Read = "MONO_XSP_STATIC_SESSION")]
                public void Init (HttpApplication app)
                {
                        sessionForStaticFiles = (Environment.GetEnvironmentVariable ("MONO_XSP_STATIC_SESSION") != null);
@@ -117,7 +122,7 @@ namespace System.Web.SessionState
                        if (handlerType == null)
                                return;
 
-                       if (config.CookieLess)
+                       if (cfg.CookieLess)
                                app.BeginRequest += new EventHandler (OnBeginRequest);
 
                        app.AcquireRequestState += new EventHandler (OnAcquireState);
@@ -126,7 +131,7 @@ namespace System.Web.SessionState
                        
                        if (handlerType != null && handler == null) {
                                handler = (ISessionHandler) Activator.CreateInstance (handlerType);
-                               handler.Init (this, app, config); //initialize
+                               handler.Init (this, app, cfg); //initialize
                        }
                }
 
@@ -140,10 +145,10 @@ namespace System.Web.SessionState
                        if (id == null)
                                return;
                        
-                       context.Request.SetCurrentExePath (UrlUtils.RemoveSessionId (base_path,
-                                                                    context.Request.FilePath));
+                       string new_path = UrlUtils.RemoveSessionId (base_path, context.Request.FilePath);
+                       context.Request.SetFilePath (new_path);
                        context.Request.SetHeader (HeaderName, id);
-                       context.Response.SetAppPathModifier (String.Format ("({0})", id));
+                       context.Response.SetAppPathModifier (String.Concat ("(", id, ")"));
                }
                
                void OnReleaseRequestState (object o, EventArgs args)
@@ -193,35 +198,43 @@ namespace System.Web.SessionState
                                        
                                context.SetSession (session);
 
+                               HttpRequest request = context.Request;
+                               HttpResponse response = context.Response;
+                               string id = context.Session.SessionID;
                                if (isNew && config.CookieLess) {
-                                       string id = context.Session.SessionID;
-                                       context.Request.SetHeader (HeaderName, id);
-                                       context.Response.Redirect (UrlUtils.InsertSessionId (id,
-                                                                  context.Request.FilePath));
+                                       request.SetHeader (HeaderName, id);
+                                       response.Redirect (UrlUtils.InsertSessionId (id, request.FilePath));
                                } else if (isNew) {
-                                       string id = context.Session.SessionID;
                                        HttpCookie cookie = new HttpCookie (CookieName, id);
-                                       cookie.Path = UrlUtils.GetDirectory (context.Request.ApplicationPath);
+                                       cookie.Path = request.ApplicationPath;
                                        context.Response.AppendCookie (cookie);
                                }
+
+                               if (isNew)
+                                       OnSessionStart ();
                        }
                }
 
-               internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
+               void OnSessionStart ()
                {
-                       OnEnd ();
+                       if (Start != null)
+                               Start (this, EventArgs.Empty);
                }
 
-               internal void OnEnd ()
+               internal void OnSessionRemoved (string key, object value, CacheItemRemovedReason reason)
                {
-#if !TARGET_J2EE                       
-                       if (End != null)
-                               End (this, EventArgs.Empty);
-#endif                         
+                       SessionConfig cfg = GetConfig ();
+
+                       // Only invoked for InProc (see msdn2 docs on SessionStateModule.End)
+                       if (cfg.Mode == SessionStateMode.InProc)
+                               HttpApplicationFactory.InvokeSessionEnd (value);
                }
                
                public event EventHandler Start;
+
+               // This event is public, but only Session_[On]End in global.asax will be invoked if present.
                public event EventHandler End;
        }
 }
 
+#endif