#include <session.h>
Public Member Functions | |
| Session (Application *parent) | |
| void | setStorage (SessionStore *store) |
| virtual bool | setup (Application *app) final |
| SessionStore * | storage () const |
 Public Member Functions inherited from Cutelyst::Plugin | |
| Plugin (Application *parent) | |
| virtual bool | setup (Application *app) |
Static Public Member Functions | |
| static void | changeExpires (Context *c, quint64 expires) |
| static QString | deleteReason (Context *c) |
| static void | deleteSession (Context *c, const QString &reason=QString()) |
| static void | deleteValue (Context *c, const QString &key) |
| static void | deleteValues (Context *c, const QStringList &keys) |
| static quint64 | expires (Context *c) |
| static QString | id (Context *c) |
| static bool | isValid (Context *c) |
| static void | setValue (Context *c, const QString &key, const QVariant &value) |
| static QVariant | value (Context *c, const QString &key, const QVariant &defaultValue=QVariant()) |
Detailed Description
Plugin providing methods for session management.
Configuration file options
There are some options you can set in your application configuration file in the Cutelyst_Session_Plugin section.
- expires
Integer value, default: 7200
Expiration duration of the session in seconds.
- verify_address
Boolean value, default: false
If enabled, the plugin will check if the IP address of the requesting user matches the address stored in the session data. In case of a mismatch, the session will be deleted.
- verify_user_agent
Boolean value, default: false
If true, the plugin will check if the user agent of the requesting user matches the user agent stored in the session data. In case of a mismatch, the session will be deleted.
- cookie_http_only
Boolean value, default: true
If true, the session cookie will have the httpOnly flag set so that the cookie is not accessible to JavaScript's Document.cookie API.
- cookie_secure
Boolean value, default: false
If true, the session cookie will have the secure flag set so that the cookie is only sent to the server with an encrypted request over the HTTPS protocol.
- cookie_same_site
String value, default: strict; acceptable values: default, none, lax, strict
Defines the SameSite attribute of the session cookie. See MDN to learn more about SameSite cookies. This configuration key is available since Cutelyst 3.8.0 and is only available if Cutelyst is compiled against Qt 6.1.0 or newer.
Constructor & Destructor Documentation
◆ Session()
| Session::Session | ( | Cutelyst::Application * | parent | ) |
Constructs a new session object with the given parent.
Definition at line 34 of file session.cpp.
◆ ~Session()
|
virtual |
Definition at line 40 of file session.cpp.
Member Function Documentation
◆ changeExpires()
|
static |
change the session expiration time for this session
Note that this only works to set the session longer than the config setting.
Definition at line 143 of file session.cpp.
◆ deleteReason()
|
static |
This method contains a string with the reason a session was deleted. Possible values include:
- session expired
- address mismatch
- user agent mismatch
Definition at line 165 of file session.cpp.
References Cutelyst::Context::stash().
◆ deleteSession()
|
static |
This method is used to invalidate a session. It takes an optional parameter which will be saved in deleteReason if provided.
NOTE: This method will also delete your flash data.
Definition at line 156 of file session.cpp.
◆ deleteValue()
|
static |
Removes the session key.
Definition at line 209 of file session.cpp.
References Cutelyst::Context::setStash(), and Cutelyst::Context::stash().
◆ deleteValues()
|
static |
Removes all session keys.
Definition at line 233 of file session.cpp.
References Cutelyst::Context::setStash(), and Cutelyst::Context::stash().
Referenced by Cutelyst::StatusMessage::load(), and Cutelyst::AuthenticationRealm::removePersistedUser().
◆ expires()
|
static |
This method returns the time when the current session will expire, or 0 if there is no current session. If there is a session and it already expired, it will delete the session and return 0 as well.
Definition at line 123 of file session.cpp.
References expires(), and Cutelyst::Context::stash().
Referenced by changeExpires(), and expires().
◆ id()
|
static |
Returns the current session id or null if there is no current session
Definition at line 105 of file session.cpp.
References Cutelyst::Context::stash().
Referenced by changeExpires().
◆ isValid()
|
static |
Returns true if the session is valid.
Definition at line 259 of file session.cpp.
◆ setStorage()
| void Session::setStorage | ( | SessionStore * | store | ) |
Sets the session storage
Definition at line 91 of file session.cpp.
◆ setup()
|
finalvirtual |
Sets up the plugin and loads the configuration.
Reimplemented from Cutelyst::Plugin.
Definition at line 45 of file session.cpp.
References Cutelyst::Application::afterDispatch(), Cutelyst::Engine::config(), Cutelyst::Cookie::Default, Cutelyst::Application::engine(), Cutelyst::Cookie::Lax, Cutelyst::Cookie::None, Cutelyst::Application::postForked(), and Cutelyst::Cookie::Strict.
◆ setValue()
|
static |
Sets the value for session key to value. If the key already exists, the previous value is overwritten.
Definition at line 185 of file session.cpp.
References Cutelyst::Context::setStash(), Cutelyst::Context::stash(), and value().
Referenced by Cutelyst::StatusMessage::error(), Cutelyst::StatusMessage::errorQuery(), Cutelyst::AuthenticationRealm::persistUser(), Cutelyst::StatusMessage::status(), and Cutelyst::StatusMessage::statusQuery().
◆ storage()
| SessionStore * Session::storage | ( | ) | const |
Returns the session storage
Definition at line 99 of file session.cpp.
◆ value()
|
static |
Returns the value for session key. If the session key doesn't exist, returns defaultValue.
Definition at line 170 of file session.cpp.
References Cutelyst::Context::stash().
Referenced by Cutelyst::StatusMessage::load(), setValue(), and Cutelyst::AuthenticationRealm::userIsRestorable().
