com.atlassian.seraph.auth
Class SessionInvalidator

java.lang.Object
  com.atlassian.seraph.auth.SessionInvalidator

public class SessionInvalidator
extends Object

Invalidates and performs the manipulation of the session necessary to obtain a fresh JSESSIONID on Tomcat and the equivalent on other containers. It copies the session content over to a new session with a new id (JSESSIONID) and can exclude a given list of session attribute keys from the copy. See http://jira.atlassian.com/browse/JRA-16008

Constructor Summary

SessionInvalidator(List<String> excludeList)
Create a session invalidator configured with the given exclusions.

Method Summary

void	invalidateSession(javax.servlet.http.HttpServletRequest httpServletRequest) If there is a session for the given request, invalidate it and create a new session, copying all attributes over except those configured exclusions.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Constructor Detail

SessionInvalidator

public SessionInvalidator(List<String> excludeList)

Create a session invalidator configured with the given exclusions.

Parameters:

excludeList - a list of session attribute keys to exclude from invalidated sessions.

Method Detail

invalidateSession

public void invalidateSession(javax.servlet.http.HttpServletRequest httpServletRequest)

If there is a session for the given request, invalidate it and create a new session, copying all attributes over except those configured exclusions.

Parameters:

httpServletRequest - the request whose session should be invalidated.