1717#include < cppcms/serialization_classes.h>
1818#include < string>
1919#include < map>
20+ #include < set>
2021#include < memory>
2122#include < sstream>
2223#include < typeinfo>
2324
2425namespace cppcms {
26+ namespace impl {
27+ struct cached_settings ;
28+ }
2529namespace http {
2630 class context ;
2731 class request ;
2832 class response ;
33+ class cookie ;
2934}
3035
3136class session_api ;
37+ class session_pool ;
3238
3339// /
3440// / \brief This exception is thrown when CSRF attempt is suspected:
@@ -42,6 +48,34 @@ class CPPCMS_API request_forgery_error : public cppcms_error {
4248 }
4349};
4450
51+
52+ // /
53+ // / API to handle session cookies.
54+ // /
55+ // / This API allows two things:
56+ // /
57+ // / (a) Integration with 3rd part web technologies to access CppCMS session, i.e. using CppCMS session
58+ // / from PHP or Java Servlets
59+ // /
60+ // / (b) An API that allows to translate cookies session tracking system to a different
61+ // / method when cookies do not suite the design - for example for internal RPC
62+ // / systems, etc. Note incorrect use of non-cookies medium may expose you
63+ // / to security issues
64+ // /
65+ class CPPCMS_API session_interface_cookie_adapter : public booster::noncopyable {
66+ public:
67+ virtual ~session_interface_cookie_adapter ();
68+ // /
69+ // / Set a new cookie value
70+ // /
71+ virtual void set_cookie (http::cookie const &updated_cookie) = 0;
72+ // /
73+ // / Get value of the cookie, it is guaranteed that \a name is
74+ // / what session_interface::session_cookie_name() returns
75+ // /
76+ virtual std::string get_session_cookie (std::string const &name) = 0;
77+ };
78+
4579// /
4680// / \brief This class provides an access to an application for session management
4781// /
@@ -69,11 +103,22 @@ class CPPCMS_API request_forgery_error : public cppcms_error {
69103class CPPCMS_API session_interface : private booster::noncopyable {
70104public:
71105
72- // / \cond INTERNAL
106+ // /
107+ // / Create cppcms::service independent session interface to be used
108+ // / for implementing interoperability with non-cppcms based web platforms
109+ // /
110+ session_interface (session_pool &pool,session_interface_cookie_adapter &adapter);
111+
112+ // /
113+ // / Creates session interface for the context - never should be used by users
114+ // / directly
115+ // /
73116 session_interface (http::context &);
74- ~session_interface ();
75- // / \endcond
76117
118+ // /
119+ // / destructor...
120+ // /
121+ ~session_interface ();
77122 // /
78123 // / Check if a \a key is set (assigned some value to it) in the session
79124 // /
@@ -267,6 +312,14 @@ class CPPCMS_API session_interface : private booster::noncopyable {
267312 // /
268313 bool load ();
269314
315+ // /
316+ // / Set alternative cookies interface and load session data, returns same value as load, note
317+ // / if any data was loaded from cookies it would be discarded
318+ // /
319+ // / It can be used for use of an alternative session state medium
320+ // /
321+ bool set_cookie_adapter_and_reload (session_interface_cookie_adapter &adapter);
322+
270323 // /
271324 // / Save the session data, generally should not be called as it is saved automatically. However when
272325 // / writing asynchronous application and using custom slow storage devices like SQL it may be useful to control
@@ -335,11 +388,22 @@ class CPPCMS_API session_interface : private booster::noncopyable {
335388 // /
336389 std::string get_csrf_token_cookie_name ();
337390
391+ // /
392+ // / Get the session cookie name
393+ // /
394+ std::string session_cookie_name ();
395+
396+ // /
397+ // / Retrun a set of keys that are defined for a current session;
398+ // /
399+ std::set<std::string> key_set ();
338400private:
339401 friend class http ::response;
340402 friend class http ::request;
341403
404+ void init ();
342405
406+ impl::cached_settings const &cached_settings ();
343407
344408 struct entry ;
345409
0 commit comments