Examples of org.apache.shiro.web.servlet.Cookie

• org.apache.shiro.web.servlet.Cookie
  wasp.org/index.php/HttpOnly">HttpOnly support. This allows Shiro to set HttpOnly cookies even on Servlet containers based on the {@code 2.4} and {@code 2.5} API (Servlet API 'native' support was only introduced inthe {@code 2.6} specification). @author Les Hazlewood @since 1.0

    @Test
    public void testGetSessionIdWithSessionIdCookieDisabledAndLowercaseRequestParam() {

        DefaultWebSessionManager mgr = new DefaultWebSessionManager();
        Cookie cookie = createMock(Cookie.class);
        mgr.setSessionIdCookie(cookie);
        mgr.setSessionIdCookieEnabled(false);

        //we should not have any reads from the cookie fields - if we do, this test case will fail.

  private Cookie sessionIdCookie;
  private boolean sessionIdCookieEnabled;

  public ShiroWebSessionManager() {
    Cookie cookie = new SimpleCookie(ShiroHttpSession.DEFAULT_SESSION_ID_NAME);
    cookie.setHttpOnly(true); //more secure, protects against XSS attacks
    this.sessionIdCookie = cookie;
    this.sessionIdCookieEnabled = true;

  }

  private void storeSessionId(Serializable currentId, HttpServletRequest request, HttpServletResponse response) {
    if (currentId == null) {
      String msg = "sessionId cannot be null when persisting for subsequent requests.";
      throw new IllegalArgumentException(msg);
    }
    Cookie template = getSessionIdCookie();
    Cookie cookie = new SimpleCookie(template);
    String idString = currentId.toString();
    cookie.setValue(idString);
    cookie.saveTo(request, response);
    log.trace("Set session ID cookie for session with id {}", idString);
  }