Package org.silverpeas.web.token
Class SessionSynchronizerTokenSetter
- java.lang.Object
-
- org.silverpeas.web.token.SessionSynchronizerTokenSetter
-
- All Implemented Interfaces:
EventListener,javax.servlet.http.HttpSessionListener
public class SessionSynchronizerTokenSetter extends Object implements javax.servlet.http.HttpSessionListener
A setter of a session token to the new spawned user session. A user session is really created in Silverpeas when a MainSessionController is instanciated and set to the current HTTP session. Nevertheless, this session token is set for each HTTP session created by the underlying web container so that it can be used with some credentials management function (password reseting, new registration, ...) whereas the user isn't authentified; in this last case, the session token is used as an anti-fuzzing token.The aim of the session token is to protect the current user session from attempt of intrusively use of it by anyone other that the user himself.
Because the web pages in Silverpeas has a deep use of HTML frames and of page relocation/reload, in order the requests sent by these elements can be correctly taken in charge in the token validation process, a cookie is created and valued with the session token.
- Author:
- mmoquillon
-
-
Constructor Summary
Constructors Constructor Description SessionSynchronizerTokenSetter()
-
Method Summary
All Methods Instance Methods Concrete Methods Modifier and Type Method Description voidsessionCreated(javax.servlet.http.HttpSessionEvent se)voidsessionDestroyed(javax.servlet.http.HttpSessionEvent se)
-
-
-
Method Detail
-
sessionCreated
public void sessionCreated(javax.servlet.http.HttpSessionEvent se)
- Specified by:
sessionCreatedin interfacejavax.servlet.http.HttpSessionListener
-
sessionDestroyed
public void sessionDestroyed(javax.servlet.http.HttpSessionEvent se)
- Specified by:
sessionDestroyedin interfacejavax.servlet.http.HttpSessionListener
-
-