00008 #ifndef CPPCMS_SESSION_INTERFACE_H
00009 #define CPPCMS_SESSION_INTERFACE_H
00010
00011 #include <cppcms/defs.h>
00012 #include <booster/noncopyable.h>
00013 #include <booster/hold_ptr.h>
00014 #include <booster/shared_ptr.h>
00015 #include <cppcms/cstdint.h>
00016 #include <cppcms/cppcms_error.h>
00017 #include <cppcms/serialization_classes.h>
00018 #include <string>
00019 #include <map>
00020 #include <memory>
00021 #include <sstream>
00022 #include <typeinfo>
00023
00024 namespace cppcms {
00025 namespace http {
00026 class context;
00027 class request;
00028 class response;
00029 }
00030
00031 class session_api;
00032
/// \brief Exception carrying the fixed message "Cross site request forgery detected".
///
/// Derives from cppcms_error, so handlers that catch cppcms_error also catch
/// this type.
///
/// NOTE(review): the throw site is not in this header; presumably this is
/// raised by the session's request-origin (CSRF) validation. Confirm, and make
/// sure the handler that catches it rejects the request rather than logging
/// and continuing.
class CPPCMS_API request_forgery_error : public cppcms_error {
public:
    /// Build the exception with the fixed CSRF diagnostic text.
    request_forgery_error()
        : cppcms_error("Cross site request forgery detected")
    {
    }
};
00044
/// \brief Session access object bound to an http::context.
///
/// Only declarations are visible in this header. Apart from the four inline
/// templates (get<T>, set<T>, store_data, fetch_data) every member is defined
/// in another translation unit, so the comments on those members describe the
/// signature and explicitly hedge anything inferred from a name.
///
/// Security-relevant surface declared here:
/// - CSRF helpers: validate_csrf_token(), validate_request_origin(),
///   request_origin_validation_is_required(), get_csrf_token(),
///   get_csrf_token_cookie_name().
/// - reset_session() and the on_server() switch.
/// - expose() / hide() / is_exposed(), which take a session key.
/// - get<T>() and fetch_data(), which parse stored strings back into objects.
///
/// The class privately inherits booster::noncopyable.
class CPPCMS_API session_interface : private booster::noncopyable {
public:

    /// Construct from an HTTP context. The class keeps an http::context
    /// pointer in context_ (constructor body not shown here).
    session_interface(http::context &);
    ~session_interface();

    // ---- Key management (defined out of line) ----------------------------

    /// Query by key; returns bool.
    /// NOTE(review): presumably "does \a key currently have a value" — confirm.
    bool is_set(std::string const &key);
    /// NOTE(review): presumably removes the single entry for \a key — confirm.
    void erase(std::string const &key);
    /// NOTE(review): presumably removes all entries — confirm whether the
    /// session itself is also discarded.
    void clear();

    // ---- Per-key exposure (defined out of line) --------------------------

    /// Returns the exposure state for \a key.
    /// NOTE(review): "exposed" presumably means the value is made visible to
    /// the client (e.g. through a cookie) — confirm in the implementation, and
    /// never expose keys that hold secrets or authorization state.
    bool is_exposed(std::string const &key);
    /// Set the exposure state of \a key; \a val defaults to true.
    void expose(std::string const &key,bool val=true);
    /// NOTE(review): presumably equivalent to expose(key,false) — confirm.
    void hide(std::string const &key);

    // ---- String access (defined out of line) -----------------------------

    /// Returns a mutable reference to the string stored under \a key.
    /// NOTE(review): behaviour for a missing key is not visible here; a
    /// std::map-like operator[] would create an empty entry — confirm.
    std::string &operator[](std::string const &key);
    /// Store the string \a v under \a key.
    void set(std::string const &key,std::string const &v);

    /// Return the string stored under \a key.
    /// NOTE(review): behaviour for a missing key is not visible here
    /// (presumably throws) — check is_set() first or use the overload below.
    std::string get(std::string const &key);

    /// Same lookup, with a caller-supplied \a default_value.
    /// NOTE(review): presumably returned when \a key is not set — confirm.
    std::string get(std::string const &key,std::string const &default_value);

    /// \brief Read the value for \a key and convert it to T with operator>>.
    ///
    /// The string returned by get(key) is parsed through a std::istringstream
    /// imbued with the classic ("C") locale, so the conversion does not depend
    /// on the global locale.
    ///
    /// \throws std::bad_cast if extraction fails, or if the stream has not
    ///         reached end-of-input after extraction (trailing characters).
    ///         Anything thrown by get(key) propagates unchanged.
    ///
    /// NOTE(review): the end-of-input test relies on eofbit being set by the
    /// extraction itself. An operator>> that stops without reading up to the
    /// end of the buffer (for example extraction into a single char) leaves
    /// eofbit clear, so such a value is rejected even when fully consumed.
    template<typename T>
    T get(std::string const &key)
    {
        std::istringstream parser(get(key));
        parser.imbue(std::locale::classic());
        T parsed;
        parser >> parsed;
        // Accept only a successful extraction that consumed the whole value.
        bool const fully_parsed = !parser.fail() && parser.eof();
        if(!fully_parsed)
            throw std::bad_cast();
        return parsed;
    }

    /// \brief Format \a value with operator<< and store the text under \a key.
    ///
    /// Formatting uses a std::ostringstream imbued with the classic ("C")
    /// locale; the resulting string is passed to set(key, string).
    template<typename T>
    void set(std::string const &key,T const &value)
    {
        std::ostringstream formatter;
        formatter.imbue(std::locale::classic());
        formatter << value;
        set(key,formatter.str());
    }

    /// \brief Serialize \a object and store the bytes under \a key.
    ///
    /// serialization_traits<Serializable>::save fills a string, which is then
    /// stored with set(key, string).
    template<typename Serializable>
    void store_data(std::string const &key,Serializable const &object)
    {
        std::string serialized;
        serialization_traits<Serializable>::save(object,serialized);
        set(key,serialized);
    }

    /// \brief Load \a object from the serialized string stored under \a key.
    ///
    /// The raw string comes from get(key) and is handed to
    /// serialization_traits<Serializable>::load. Anything either call throws
    /// propagates to the caller.
    ///
    /// NOTE(review): whether the stored string can be influenced by the client
    /// depends on the configured session storage and its integrity protection,
    /// neither of which is visible in this header. Unless that is confirmed,
    /// treat load() as parsing potentially untrusted bytes and validate the
    /// resulting object.
    template<typename Serializable>
    void fetch_data(std::string const &key,Serializable &object)
    {
        std::string serialized(get(key));
        serialization_traits<Serializable>::load(serialized,object);
    }

    /// Unnamed enumeration with three constants (fixed = 0, renew = 1,
    /// browser = 2 by the usual enumerator numbering).
    /// NOTE(review): presumably the policy values accepted by expiration(int)
    /// and returned by expiration() — confirm.
    enum {
        fixed,
        renew,

        browser

    };

    // ---- Lifetime settings (defined out of line) -------------------------

    /// Getter of the age()/age(int) pair.
    /// NOTE(review): presumably the maximum session age; units are not visible
    /// in this header — confirm.
    int age();
    /// Setter of the pair; takes the new value \a t.
    void age(int t);
    /// NOTE(review): presumably restores age to its configured default — confirm.
    void default_age();

    /// Getter of the expiration()/expiration(int) pair.
    int expiration();
    /// Setter of the pair; takes the new value \a h.
    void expiration(int h);
    /// NOTE(review): presumably restores expiration to its configured default — confirm.
    void default_expiration();

    /// Set the boolean "on server" option; a matching on_server_ flag is
    /// declared in the private section.
    /// NOTE(review): presumably forces server-side storage instead of keeping
    /// state only in a client cookie. Where replay of an older session state
    /// would matter, confirm which storage is actually in effect.
    void on_server(bool srv);

    /// Read back the "on server" option.
    bool on_server();


    // ---- Session cookie access (defined out of line) ---------------------

    /// Takes the cookie payload \a data.
    /// NOTE(review): presumably intended for session storage back-ends rather
    /// than application code — confirm before calling directly.
    void set_session_cookie(std::string const &data);
    /// NOTE(review): presumably removes the session cookie — confirm.
    void clear_session_cookie();

    /// Returns a string; NOTE(review): presumably the current session cookie
    /// value as sent by the client, which should be treated as untrusted input.
    std::string get_session_cookie();

    /// Returns bool; NOTE(review): presumably true when session data was
    /// loaded — confirm.
    bool load();

    /// NOTE(review): presumably persists the current session state — confirm
    /// when it is called automatically.
    void save();

    /// Returns bool; NOTE(review): presumably reports whether the storage
    /// back-end uses blocking calls — confirm.
    bool is_blocking();

    /// NOTE(review): the name suggests regenerating the session identifier,
    /// the usual defence against session fixation; if so it belongs right
    /// after any privilege change such as login. Confirm in the implementation.
    void reset_session();


    // ---- CSRF helpers (defined out of line) ------------------------------

    /// Check the token string \a str; the result is reported only through the
    /// bool return value, so callers must test it and reject the request
    /// themselves on failure.
    /// NOTE(review): presumably compares \a str with the session's CSRF token;
    /// whether it also checks request method or configuration is not visible.
    bool validate_csrf_token(std::string const &str);
    /// Returns nothing, so a failed check has to be signalled another way.
    /// NOTE(review): presumably throws request_forgery_error (declared earlier
    /// in this header); confirm which request methods it covers.
    void validate_request_origin();

    /// Takes a bool \a required.
    /// NOTE(review): presumably switches automatic origin validation on or off
    /// for this request. Passing false moves the whole check to the caller,
    /// who then has to call validate_csrf_token()/validate_request_origin()
    /// explicitly — confirm.
    void request_origin_validation_is_required(bool required);

    /// Returns the CSRF token as a string.
    /// NOTE(review): presumably the per-session token to embed in forms or
    /// request headers — confirm.
    std::string get_csrf_token();
    /// Returns a cookie name as a string.
    /// NOTE(review): presumably meaningful only when the token is configured
    /// to be exposed through a cookie — confirm.
    std::string get_csrf_token_cookie_name();

private:
    // http::response and http::request get full access to the private
    // members and helpers below.
    friend class http::response;
    friend class http::request;



    struct entry;   // defined outside this header

    typedef std::map<std::string,entry> data_type;
    // Two key -> entry maps. NOTE(review): data_copy_ is presumably a
    // snapshot used to detect changes on save — confirm.
    data_type data_;
    data_type data_copy_;
    http::context *context_;    // non-owning as far as this header shows


    // NOTE(review): presumably the configured defaults for timeout/policy.
    int timeout_val_def_;
    int how_def_;


    // NOTE(review): presumably the values in effect for this session.
    int timeout_val_;
    int how_;


    time_t timeout_in_;

    // Eight one-bit flags plus 24 reserved bits: 32 bits in total.
    uint32_t new_session_ : 1;
    uint32_t saved_ : 1;
    uint32_t on_server_ : 1;
    uint32_t loaded_ : 1;
    uint32_t reset_ : 1;
    uint32_t csrf_checked_ : 1;
    uint32_t csrf_do_validation_ : 1;
    uint32_t csrf_validation_ : 1;
    uint32_t reserved_ : 24;

    std::string temp_cookie_;



    booster::shared_ptr<session_api> storage_;  // shared handle to the storage back-end type
    struct _data;                               // defined outside this header
    booster::hold_ptr<_data> d;                 // opaque implementation data

    int cookie_age();
    time_t session_age();

    void check();
    void update_exposed(bool);


    // Private overload taking an explicit age and an optional key
    // (defaults to an empty string).
    void set_session_cookie(int64_t age,std::string const &data,std::string const &key=std::string());

    // Convert between the key -> entry map and its string form.
    // NOTE(review): load_data presumably parses stored session bytes; its
    // handling of malformed input is not visible here.
    void save_data(std::map<std::string,entry> const &data,std::string &s);
    void load_data(std::map<std::string,entry> &data,std::string const &s);
    // NOTE(review): token unpredictability depends on this out-of-line
    // implementation; confirm it draws from a cryptographically secure source.
    std::string generate_csrf_token();
};
00392
00393 }
00394
00395
00396 #endif