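/*
 *  Copyright (C) 2000 - 2012 TagServlet Ltd
 *
 *  This file is part of Open BlueDragon (OpenBD) CFML Server Engine.
 *
 *  OpenBD is free software: you can redistribute it and/or modify
 *  it under the terms of the GNU General Public License as published by
 *  Free Software Foundation,version 3.
 *
 *  OpenBD is distributed in the hope that it will be useful,
 *  but WITHOUT ANY WARRANTY; without even the implied warranty of
 *  MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 *  GNU General Public License for more details.
 *
 *  You should have received a copy of the GNU General Public License
 *  along with OpenBD.  If not, see http://www.gnu.org/licenses/
 *
 *  Additional permission under GNU GPL version 3 section 7
 *
 *  If you modify this Program, or any covered work, by linking or combining
 *  it with any of the JARS listed in the README.txt (or a modified version of
 *  (that library), containing parts covered by the terms of that JAR, the
 *  licensors of this Program grant you additional permission to convey the
 *  resulting work.
 *  README.txt @ http://www.openbluedragon.org/license/README.txt
 *
 *  http://openbd.org/
 *  $Id: $
 */
package com.naryx.tagfusion.cfm.application;

import javax.servlet.http.Cookie;

import com.naryx.tagfusion.cfm.cookie.cfCookieData;
import com.naryx.tagfusion.cfm.engine.cfData;
import com.naryx.tagfusion.cfm.engine.cfSession;
import com.naryx.tagfusion.cfm.engine.cfStringData;
import com.naryx.tagfusion.cfm.engine.cfmRunTimeException;
import com.naryx.tagfusion.cfm.engine.variableStore;

/**
 * Resolves the CFID/CFTOKEN pair for a request and writes it back as cookies.
 *
 * <p>The constructor looks for an existing pair in the URL scope, then the form
 * scope, then the cookie scope. When no complete, non-empty pair is found a new
 * one is generated: CFID from a process-wide counter, CFTOKEN from
 * {@link #generateCFTOKEN(cfSession)}.
 *
 * <p>Security notes for maintainers:
 * <ul>
 *   <li>A pair supplied in the URL or form scope is adopted as-is by this class.
 *       Any validation has to happen in the caller (not visible here); code that
 *       authenticates users should issue a fresh pair at login so a pre-chosen
 *       identifier cannot be carried into an authenticated session.</li>
 *   <li>CFID is a small sequential integer and is therefore guessable; only
 *       CFTOKEN carries any secrecy.</li>
 * </ul>
 */
public class sessionUtility extends Object {

  /** Lifetime given to both cookies: nine 365-day years, in seconds. */
  private static final int COOKIE_MAX_AGE_SECONDS = 9 * 365 * 24 * 60 * 60;

  /** Lowest numeric CFTOKEN handed out (keeps the token at eight digits). */
  private static final int MIN_NUMERIC_TOKEN = 10000000;

  /** Number of distinct numeric tokens: 10,000,000 .. 99,999,999 inclusive. */
  private static final int NUMERIC_TOKEN_SPAN = 90000000;

  /**
   * Shared CSPRNG for numeric tokens. SecureRandom is safe for concurrent use,
   * so a single instance is enough and avoids re-seeding on every request.
   */
  private static final java.security.SecureRandom TOKEN_RANDOM = new java.security.SecureRandom();

  /** Next CFID to hand out; only touched through {@link #nextCfid()}. */
  private static int cfid = 0;

  public String CFID;
  public String CFTOKEN;

  boolean bCookieSet = false, bSessionFromUrl = false, setDomainCookies = false;

  /**
   * Picks up an existing CFID/CFTOKEN pair from the request or creates a new one.
   *
   * @param Session the current request's session object, used to read the URL,
   *        form and cookie scopes
   * @param _setDomainCookies whether {@link #setCookie(cfSession)} should also
   *        emit domain cookies
   */
  public sessionUtility(cfSession Session, boolean _setDomainCookies) {
    setDomainCookies = _setDomainCookies;

    // Assume a request-supplied pair until the cookie scope (or generation) says otherwise.
    bSessionFromUrl = true;

    // Check to see if they are in the [url.] first
    cfData urlScope = Session.getQualifiedData(variableStore.URL_SCOPE);
    cfStringData cCFID = (cfStringData) urlScope.getData("cfid");
    cfStringData cCFTOKEN = (cfStringData) urlScope.getData("cftoken");

    if (cCFID == null || cCFTOKEN == null) {
      // Check to see if they are in the [form.]
      cfData formScope = Session.getQualifiedData(variableStore.FORM_SCOPE);
      cCFID = (cfStringData) formScope.getData("cfid");
      cCFTOKEN = (cfStringData) formScope.getData("cftoken");

      if (cCFID == null || cCFTOKEN == null) {
        // Attempt to get them from a COOKIE
        cfData cookieScope = Session.getQualifiedData(variableStore.COOKIE_SCOPE);
        if (cookieScope != null) {
          cCFID = (cfStringData) cookieScope.getData("cfid");
          cCFTOKEN = (cfStringData) cookieScope.getData("cftoken");
          bCookieSet = true;
          bSessionFromUrl = false;
        }
      }
    }

    boolean pairMissing = cCFID == null || cCFTOKEN == null
        || cCFID.getLength() == 0 || cCFTOKEN.getLength() == 0;

    if (pairMissing) {
      // Generate new ones
      bCookieSet = false;
      bSessionFromUrl = false;
      CFID = String.valueOf(nextCfid());
      CFTOKEN = generateCFTOKEN(Session);
    } else {
      // Use old ones.
      // NOTE(review): the emptiness check above runs before cleanString(), so a
      // value that starts with a comma is cut down to "" here and still accepted.
      CFID = cleanString(cCFID.getString());
      CFTOKEN = cleanString(cCFTOKEN.getString());
    }
  }

  /**
   * Hands out the next CFID.
   *
   * <p>Synchronized because the counter is static and the constructor runs once
   * per request; an unsynchronized {@code cfid++} can give two concurrent
   * requests the same value.
   */
  private static synchronized int nextCfid() {
    return cfid++;
  }

  /**
   * @return {@code true} when the pair in use was read from the cookie scope
   */
  public boolean IsSessionFromCookie() {
    return bCookieSet;
  }

  /**
   * @return the pair formatted as a query-string fragment,
   *         {@code CFID=<id>&CFTOKEN=<token>}. The values are not URL-encoded.
   */
  public String urlToken() {
    return "CFID=" + CFID + "&CFTOKEN=" + CFTOKEN;
  }

  /**
   * @return the pair in the compact form {@code <id>:<token>}
   */
  public String getTokenShort() {
    return CFID + ":" + CFTOKEN;
  }

  /**
   * Returns the part of {@code str} that precedes its first comma.
   *
   * <p>Presumably this strips the extra entries of a comma-joined value when the
   * same parameter was sent more than once — confirm against the scope classes.
   *
   * @param str the raw value, may be {@code null}
   * @return {@code null} for {@code null} input, {@code str} unchanged when it
   *         holds no comma, otherwise the text before the first comma (which is
   *         the empty string when {@code str} starts with a comma)
   */
  public String cleanString(String str) {
    if (str == null) {
      return null;
    }

    int comma = str.indexOf(",");
    return comma == -1 ? str : str.substring(0, comma);
  }

  /**
   * Writes the CFID and CFTOKEN cookies into the cookie scope.
   *
   * <p>Nothing is written when the pair came from an existing cookie or from the
   * URL/form scope.
   *
   * <p>NOTE(review): neither cookie is marked HttpOnly or Secure in this method,
   * and both live for roughly nine years with path "/". Whether
   * {@code cfCookieData.setData} adds those flags is not visible here — confirm,
   * since CFTOKEN is the session secret.
   *
   * @param _Session the current request's session object
   * @throws cfmRunTimeException declared by the original signature; presumably
   *         raised by the cookie scope — confirm
   */
  public void setCookie(cfSession _Session) throws cfmRunTimeException {
    // don't overwrite existing cookies, don't set cookies if CFID/CFTOKEN from URL
    if (bCookieSet || bSessionFromUrl) {
      return;
    }

    cfCookieData cookieHolder = (cfCookieData) _Session.getQualifiedData(variableStore.COOKIE_SCOPE);

    Cookie idCookie = new Cookie("CFID", CFID);
    idCookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
    idCookie.setPath("/");
    cookieHolder.setData(idCookie, true);

    Cookie tokenCookie = new Cookie("CFTOKEN", CFTOKEN);
    tokenCookie.setMaxAge(COOKIE_MAX_AGE_SECONDS);
    tokenCookie.setPath("/");
    cookieHolder.setData(tokenCookie, true);

    if (setDomainCookies) {
      cookieHolder.setDomainCookie(_Session, "CFTOKEN");
      cookieHolder.setDomainCookie(_Session, "CFID");
    }
  }

  /**
   * Produces a new CFTOKEN.
   *
   * <p>When {@code cfApplicationManager.cftokenUUID} is set the token comes from
   * {@code com.nary.util.UUID.generateKey()}; how that key is generated is not
   * visible here. Otherwise an eight-digit number is drawn from a
   * {@link java.security.SecureRandom}. The previous implementation used a fresh
   * {@code java.util.Random} per call, whose output is predictable and must not
   * be used for session secrets.
   *
   * <p>An eight-digit token has only 90,000,000 possible values, which is small
   * for a session secret even with a strong generator; deployments that rely on
   * CFTOKEN for session secrecy should enable the UUID option.
   *
   * @param _Session unused; kept so existing call sites stay unchanged
   * @return the new token as a string
   */
  private static String generateCFTOKEN(cfSession _Session) {
    if (cfApplicationManager.cftokenUUID) {
      return com.nary.util.UUID.generateKey();
    }

    // generate a random number between 10,000,000 and 99,999,999 (both inclusive)
    int cftoken = MIN_NUMERIC_TOKEN + TOKEN_RANDOM.nextInt(NUMERIC_TOKEN_SPAN);
    return String.valueOf(cftoken);
  }
}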