Method Detail

• setName

  void setName(java.lang.String name)

  Sets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  NOTE: Changing the name of session tracking cookies may break other tiers (for example, a load balancing frontend) that assume the cookie name to be equal to the default JSESSIONID, and therefore should only be done cautiously.

  Parameters:

  name - the cookie name to use

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

• getName

  java.lang.String getName()

  Gets the name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  By default, JSESSIONID will be used as the cookie name.

  Returns:

  the cookie name set via setName(java.lang.String), or null if setName(java.lang.String) was never called

  See Also:

  Cookie.getName()

• setDomain

  void setDomain(java.lang.String domain)

  Sets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  Parameters:

  domain - the cookie domain to use

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

  See Also:

  Cookie.setDomain(String)

• getDomain

  java.lang.String getDomain()

  Gets the domain name that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  Returns:

  the cookie domain set via setDomain(java.lang.String), or null if setDomain(java.lang.String) was never called

  See Also:

  Cookie.getDomain()

• setPath

  void setPath(java.lang.String path)

  Sets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  Parameters:

  path - the cookie path to use

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

  See Also:

  Cookie.setPath(String)

• getPath

  java.lang.String getPath()

  Gets the path that will be assigned to any session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  By default, the context path of the ServletContext from which this SessionCookieConfig was acquired will be used.

  Returns:

  the cookie path set via setPath(java.lang.String), or null if setPath(java.lang.String) was never called

  See Also:

  Cookie.getPath()

• setComment

  @Deprecated
  void setComment(java.lang.String comment)

  Deprecated. This is no longer required with RFC 6265
  With the adoption of support for RFC 6265, this method should no longer be used.

  If called, this method has no effect.

  Parameters:

  comment - ignore

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

  See Also:

  Cookie.setComment(String), Cookie.getVersion()

• getComment

  @Deprecated
  java.lang.String getComment()

  Deprecated. This is no longer required with RFC 6265
  With the adoption of support for RFC 6265, this method should no longer be used.

  Returns:

  Always null

  See Also:

  Cookie.getComment()

• setHttpOnly

  void setHttpOnly(boolean httpOnly)

  Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as HttpOnly.

  A cookie is marked as HttpOnly by adding the HttpOnly attribute to it. HttpOnly cookies are not supposed to be exposed to client-side scripting code, and may therefore help mitigate certain kinds of cross-site scripting attacks.

  Parameters:

  httpOnly - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as HttpOnly, false otherwise

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

  See Also:

  Cookie.setHttpOnly(boolean)

• isHttpOnly

  boolean isHttpOnly()

  Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly.

  Returns:

  true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as HttpOnly, false otherwise

  See Also:

  Cookie.isHttpOnly()

• setSecure

  void setSecure(boolean secure)

  Marks or unmarks the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired as secure.

  One use case for marking a session tracking cookie as secure, even though the request that initiated the session came over HTTP, is to support a topology where the web container is front-ended by an SSL offloading load balancer. In this case, the traffic between the client and the load balancer will be over HTTPS, whereas the traffic between the load balancer and the web container will be over HTTP.

  Parameters:

  secure - true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired shall be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they shall be marked as secure only if the request that initiated the corresponding session was also secure

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

  See Also:

  Cookie.setSecure(boolean), ServletRequest.isSecure()

• isSecure

  boolean isSecure()

  Checks if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS.

  Returns:

  true if the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired will be marked as secure even if the request that initiated the corresponding session is using plain HTTP instead of HTTPS, and false if they will be marked as secure only if the request that initiated the corresponding session was also secure

  See Also:

  Cookie.getSecure(), ServletRequest.isSecure()

• setMaxAge

  void setMaxAge(int maxAge)

  Sets the lifetime (in seconds) for the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  Parameters:

  maxAge - the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  Throws:

  java.lang.IllegalStateException - if the ServletContext from which this SessionCookieConfig was acquired has already been initialized

  See Also:

  Cookie.setMaxAge(int)

• getMaxAge

  int getMaxAge()

  Gets the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired.

  By default, -1 is returned.

  Returns:

  the lifetime (in seconds) of the session tracking cookies created on behalf of the application represented by the ServletContext from which this SessionCookieConfig was acquired, or -1 (the default)

  See Also:

  Cookie.getMaxAge()

• setAttribute

  void setAttribute(java.lang.String name,
                    java.lang.String value)

  Sets the value for the given session cookie attribute. When a value is set via this method, the value returned by the attribute specific getter (if any) must be consistent with the value set via this method.

  Parameters:

  name - Name of attribute to set, case insensitive

  value - Value of attribute

  Throws:

  java.lang.IllegalStateException - if the associated ServletContext has already been initialised

  java.lang.IllegalArgumentException - If the attribute name is null or contains any characters not permitted for use in Cookie names.

  java.lang.NumberFormatException - If the attribute is known to be numerical but the provided value cannot be parsed to a number.

  Since:

  Servlet 6.0

• getAttribute

  java.lang.String getAttribute(java.lang.String name)

  Obtain the value for a given session cookie attribute. Values returned from this method must be consistent with the values set and returned by the attribute specific getters and setters in this class.

  Parameters:

  name - Name of attribute to return, case insensitive

  Returns:

  Value of specified attribute

  Since:

  Servlet 6.0

• getAttributes

  java.util.Map<java.lang.String,java.lang.String> getAttributes()

  Obtain the Map (keys are case insensitive) of all attributes and values, including those set via the attribute specific setters, (excluding version) for this SessionCookieConfig.

  Returns:

  A read-only Map of attributes to values, excluding version.

  Since:

  Servlet 6.0