本文整理匯總了Java中javax.servlet.http.HttpServletRequest.isRequestedSessionIdFromCookie方法的典型用法代碼示例。如果您正苦於以下問題:Java HttpServletRequest.isRequestedSessionIdFromCookie方法的具體用法?Java HttpServletRequest.isRequestedSessionIdFromCookie怎麼用?Java HttpServletRequest.isRequestedSessionIdFromCookie使用的例子?那麼,這裡精選的方法代碼示例或許可以為您提供幫助。您也可以進一步了解該方法所在類javax.servlet.http.HttpServletRequest的用法示例。
在下文中一共展示了HttpServletRequest.isRequestedSessionIdFromCookie方法的2個代碼示例,這些例子默認根據受歡迎程度排序。您可以為喜歡或者感覺有用的代碼點讚,您的評價將有助於系統推薦出更棒的Java代碼示例。
示例1: addCookie
import javax.servlet.http.HttpServletRequest; //導入方法依賴的package包/類
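/**
 * Copies the caller's session id onto an outgoing connection as a
 * {@code Cookie} header, if appropriate. Can be overridden to support a
 * cluster.
 *
 * <p>The header is set only when every one of these holds: {@code conn} is
 * an {@link HttpURLConnection}, {@code urlString} lies inside this web
 * application's context path, the client supplied a session id, and that id
 * arrived in a cookie rather than through URL rewriting.
 *
 * <p>Security: the session id is a bearer credential, so it must only be
 * attached to requests that stay inside this application. In a root-context
 * deployment {@code getContextPath()} is the empty string, which every URL
 * "starts with"; for that case the URL must be a server-relative path
 * ({@code /...} but not the protocol-relative {@code //host/...}) so the id
 * is never attached to a URL that names another host.
 *
 * @param conn connection to decorate; ignored unless it is an
 *        {@code HttpURLConnection}
 * @param urlString URL string tested against the context path (presumably
 *        the URL {@code conn} was created for; the caller is not shown here)
 * @param request current request, source of the context path and of the
 *        requested session id
 * @since Struts 1.2.0
 */
protected void addCookie(URLConnection conn, String urlString, HttpServletRequest request) {
    if (!(conn instanceof HttpURLConnection)) {
        return;
    }

    String contextPath = request.getContextPath();
    boolean insideContext;
    if (contextPath.length() == 0) {
        // Root context: startsWith("") is true for any string, so the prefix
        // test alone would let the session id travel to arbitrary URLs.
        insideContext = urlString.startsWith("/") && !urlString.startsWith("//");
    } else {
        // NOTE(review): a plain prefix test also matches a sibling context
        // such as "/app2" when this context is "/app"; confirm whether a
        // path-segment boundary check is wanted here.
        insideContext = urlString.startsWith(contextPath);
    }
    if (!insideContext) {
        return;
    }

    // getRequestedSessionId() is the raw value sent by the client; this
    // method does not check it with isRequestedSessionIdValid().
    String sessionId = request.getRequestedSessionId();
    if (sessionId != null && request.isRequestedSessionIdFromCookie()) {
        // NOTE(review): the cookie name is hard-coded; a container configured
        // with a different session cookie name will not recognise it.
        conn.setRequestProperty("Cookie", "JSESSIONID=" + sessionId);
    }
}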
示例2: checkNotCsrfAttack
import javax.servlet.http.HttpServletRequest; //導入方法依賴的package包/類
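/**
 * Check that this request is not subject to a CSRF attack.
 *
 * <p>The session id that the browser attached as a cookie is compared with
 * the session id returned by {@code getHttpSessionId()} (named "body"
 * session id below). The request is accepted when the two agree, either
 * through the container's view of the requested session id or through the
 * raw value of a cookie named {@code sessionCookieName}.
 *
 * <p>No check is made when the requested session id is not valid, did not
 * come from a cookie, or is empty; in those cases the method returns
 * normally.
 *
 * @param request The original browser's request
 * @param sessionCookieName "JSESSIONID" unless it has been overridden
 * @throws SecurityException if a cookie-based session is present and the
 *         body session id matches neither the requested session id nor a
 *         session cookie value
 */
private void checkNotCsrfAttack(HttpServletRequest request, String sessionCookieName)
{
    // A check to see that this isn't a csrf attack
    // http://en.wikipedia.org/wiki/Cross-site_request_forgery
    // http://www.tux.org/~peterw/csrf.txt

    // Only valid, cookie-carried sessions are checked; presumably because a
    // forged cross-site request can only rely on credentials the browser
    // attaches automatically.
    if (!request.isRequestedSessionIdValid() || !request.isRequestedSessionIdFromCookie())
    {
        return;
    }

    String headerSessionId = request.getRequestedSessionId();
    if (headerSessionId.length() == 0)
    {
        return;
    }

    String bodySessionId = getHttpSessionId();

    // Normal case; if same session cookie is supplied by DWR and
    // in HTTP header then all is ok
    if (headerSessionId.equals(bodySessionId))
    {
        return;
    }

    // Weblogic adds creation time to the end of the incoming
    // session cookie string (even for request.getRequestedSessionId()).
    // Use the raw cookie instead
    //
    // NOTE(review): this fallback accepts ANY cookie carrying the session
    // cookie name, not only the one the container validated, so it is no
    // stronger than a double-submit cookie check. If cookies with that name
    // can be set from outside this application (for example from a sibling
    // subdomain), consider restricting the fallback to Weblogic deployments.
    Cookie[] cookies = request.getCookies();
    // getCookies() returns null when the request carries no cookies, and a
    // cookie value may be null; treat both as "no match" so the request is
    // denied through the logged path below instead of a NullPointerException.
    if (cookies != null && bodySessionId != null)
    {
        for (int i = 0; i < cookies.length; i++)
        {
            Cookie cookie = cookies[i];
            if (cookie.getName().equals(sessionCookieName) &&
                bodySessionId.equals(cookie.getValue()))
            {
                return;
            }
        }
    }

    // Otherwise error. The exception message is kept generic so the caller
    // learns nothing about which comparison failed.
    log.error("A request has been denied as a potential CSRF attack.");
    throw new SecurityException("Session Error");
}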