Java Code Examples for javax.servlet.http.HttpSession#isNew()

The following examples show how to use javax.servlet.http.HttpSession#isNew() . You can vote up the ones you like or vote down the ones you don't like, and go to the original project or source file by following the links above each example. You may check out the related API usage on the sidebar.
Example 1
Source File: MyInvalidSessionStrategy.java    From base-admin with MIT License 6 votes vote down vote up
/**
 * Sends the client to {@code /loginPage} when an invalid session is detected and
 * removes the matching entry from the session registry.
 *
 * @param httpServletRequest  the request that carried the invalid session id
 * @param httpServletResponse the response that receives the redirect or the script
 * @throws IOException      if writing to or flushing the response fails
 * @throws ServletException declared in the signature; not thrown by the visible code
 */
@Override
public void onInvalidSessionDetected(HttpServletRequest httpServletRequest, HttpServletResponse httpServletResponse) throws IOException, ServletException {
    // getSession() hands back the current session, creating one if there is none.
    HttpSession currentSession = httpServletRequest.getSession();
    String requestedId = httpServletRequest.getRequestedSessionId();

    if (currentSession.isNew()) {
        // Write a small script so the browser navigates to the login page itself.
        httpServletResponse.setContentType("text/html;charset=UTF-8");
        httpServletResponse.getWriter().print("<script type='text/javascript'>window.location.href = \"/loginPage\"</script>");
    } else {
        // Plain redirect to the login page.
        httpServletResponse.sendRedirect("/loginPage");
    }

    // NOTE(review): requestedId is the value the client sent; presumably this handler only runs
    // after the container rejected that id - confirm against the filter that invokes it.
    SessionInformation staleInfo = sessionRegistry.getSessionInformation(requestedId);
    if (staleInfo != null) {
        User expiredUser = (User) staleInfo.getPrincipal();
        sessionRegistry.removeSessionInformation(requestedId);
        log.info("剔除过期用户:" + expiredUser.getUsername());
    }
    log.info("session失效处理 " + sessionRegistry.getAllPrincipals().size());
    httpServletResponse.flushBuffer();
}
 
Example 2
Source File: UserSession.java    From olat with Apache License 2.0 6 votes vote down vote up
/**
 * @param hreq the servlet request whose HTTP session is looked up or created
 * @return associated user session
 */
public static UserSession getUserSession(HttpServletRequest hreq) {
    // Fetch the HTTP session, creating one when the request has none.
    final HttpSession httpSession = hreq.getSession(true);

    // Only a session created by this request gets its timeout aligned with the global value.
    if (!httpSession.isNew()) {
        return getUserSession(httpSession);
    }

    final int currentSessionTimeout = httpSession.getMaxInactiveInterval();
    final boolean timeoutDiffers = currentSessionTimeout != getGlobalSessionTimeout();
    if (timeoutDiffers) {
        httpSession.setMaxInactiveInterval(getGlobalSessionTimeout());
        // NOTE(review): the debug line records the full session id; anyone who can read
        // debug logs can read live session ids - consider logging a truncated or hashed id.
        if (log.isDebugEnabled()) {
            log.debug("HTTP session timeout changed [id=" + httpSession.getId() + ": " + currentSessionTimeout + "s => " + getGlobalSessionTimeout() + "s]");
        }
    }

    return getUserSession(httpSession);
}
 
Example 3
Source File: PrimuServlet.java    From training with MIT License 6 votes vote down vote up
/**
 * Answers every request with a greeting containing a number that is drawn once
 * per session and kept under the session attribute {@code "zar"}.
 *
 * @param request  the incoming request, cast to {@code HttpServletRequest}
 * @param response the outgoing response, cast to {@code HttpServletResponse}
 * @throws ServletException declared in the signature; not thrown by the visible code
 * @throws IOException      if writing the response fails
 */
@Override
public void service(ServletRequest request, ServletResponse response) throws ServletException, IOException {
	final HttpServletRequest httpRequest = (HttpServletRequest) request;
	final HttpServletResponse httpResponse = (HttpServletResponse) response;

	// Draw a value from 1 to 6 only when the session was created by this request.
	final HttpSession session = httpRequest.getSession();
	if (session.isNew()) {
		int roll = new Random().nextInt(6) + 1;
		session.setAttribute("zar", roll);
	}

	// The body is HTML markup, but the response is labelled text/plain.
	httpResponse.setHeader("Content-Type", "text/plain");
	String page = "<html><body><h1>Hello Web !! " + session.getAttribute("zar") + "</h1></body></html>";
	httpResponse.getWriter().println(page);

	// Request parameters are written to standard output exactly as received.
	System.out.println("p1 = " + httpRequest.getParameter("p1"));
	System.out.println("p2 = " + httpRequest.getParameter("p2"));
}
 
Example 4
Source File: SessionDestroyedListener.java    From boubei-tss with Apache License 2.0 6 votes vote down vote up
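/**
 * Applies the configured inactivity timeout to a newly created session and
 * stores the session in {@code Context.sessionMap} under its id.
 *
 * @param event the session-created notification
 */
public void sessionCreated(HttpSessionEvent event) {
    HttpSession session = event.getSession();

    // Set the session's expiry time from configuration.
    if (session.isNew()) {
        String configValue = ParamConfig.getAttribute(PX.SESSION_CYCLELIFE_CONFIG);
        try {
            int cycleLife = Integer.parseInt(configValue);
            session.setMaxInactiveInterval(cycleLife); // in seconds
        } catch (NumberFormatException e) {
            // Best effort: a missing or malformed setting leaves the container's timeout in place,
            // but the misconfiguration is reported instead of being dropped silently.
            log.warn("Invalid session timeout configuration '" + configValue + "'; keeping the container default");
        }
    }

    String sessionId = session.getId();
    String appCode = Context.getApplicationContext().getCurrentAppCode();
    // NOTE(review): this writes the full session id to the debug log; consider a truncated or hashed id.
    log.debug("应用【" + appCode + "】里 sessionId为:" + sessionId
            + " 的session创建完成,有效期为:" + session.getMaxInactiveInterval() + " 秒 ");

    // NOTE(review): the map keeps a reference to every created session; presumably the matching
    // sessionDestroyed handler removes the entry - confirm, otherwise ended sessions stay reachable.
    Context.sessionMap.put(sessionId, session);
}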
 
Example 5
Source File: AdapterHTTP.java    From Knowage-Server with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Attaches the request container to the HTTP session and rejects the request when
 * its session has expired.
 *
 * <p>The session counts as expired when it is new, the request container holds a
 * value under {@code HTTP_REQUEST_REQUESTED_SESSION_ID}, and the service request's
 * {@code NEW_SESSION} attribute is not "TRUE" (compared case-insensitively).
 *
 * @param session        the HTTP session of the current request
 * @param requestContext supplies the request container
 * @throws SessionExpiredException when the session is considered expired
 */
private void checkSession(HttpSession session, RequestContextIFace requestContext) throws SessionExpiredException {
	final RequestContainer requestContainer = requestContext.getRequestContainer();

	// Zerbetto, 25-02-2008: the NEW_SESSION parameter can force a new session.
	boolean requestedIdAccepted = true;
	boolean newSessionForced = false;
	if (session.isNew()) {
		requestedIdAccepted = requestContainer.getAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID) == null;
		// NOTE(review): NEW_SESSION is read from the service request; if that value is
		// client-supplied, a caller can suppress the expired-session error - confirm this is intended.
		String forceFlag = (String) requestContainer.getServiceRequest().getAttribute(NEW_SESSION);
		newSessionForced = "TRUE".equalsIgnoreCase(forceFlag);
	}

	// NOTE(review): locking on the HttpSession object only serialises requests if the container
	// hands out the same instance for each request - confirm for the target container.
	synchronized (session) {
		RequestContainer parent = (RequestContainer) session.getAttribute(Constants.REQUEST_CONTAINER);
		boolean navigatorEnabled = Navigator.isNavigatorEnabled();
		if (parent == null) {
			// First request container seen for this session.
			requestContainer.setSessionContainer(new SessionContainer(true));
		} else if (navigatorEnabled) {
			requestContainer.setSessionContainer(new SessionContainer(false));
			requestContainer.setParent(parent);
		} else {
			requestContainer.setSessionContainer(parent.getSessionContainer());
		}
		session.setAttribute(Constants.REQUEST_CONTAINER, requestContainer);
	}

	if (!requestedIdAccepted && !newSessionForced) {
		TracerSingleton.log(Constants.NOME_MODULO, TracerSingleton.WARNING, "AdapterHTTP::service: sessione scaduta !");
		throw new SessionExpiredException(EMFErrorSeverity.ERROR, "Expired Session");
	}
}
 
Example 6
Source File: HttpServletResponseImpl.java    From quarkus-http with Apache License 2.0 5 votes vote down vote up
/**
 * Return <code>true</code> if the specified URL should be encoded with
 * a session identifier.  This will be true if all of the following
 * conditions are met:
 * <ul>
 * <li>The request we are responding to asked for a valid session
 * <li>The requested session ID was not received via a cookie
 * <li>The specified URL points back to somewhere within the web
 * application that is responding to this request
 * </ul>
 *
 * @param location Absolute URL to be validated
 */
private boolean isEncodeable(final String location) {
    // A missing URL or an intra-document reference is never rewritten.
    if (location == null || location.startsWith("#")) {
        return false;
    }

    final HttpServletRequestImpl hreq = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getOriginalRequest();

    // URL rewriting has to be one of the effective tracking modes.
    // NOTE(review): an id embedded in a URL is visible wherever the URL is recorded; a deployment
    // that does not need URL tracking can leave SessionTrackingMode.URL out so this returns false.
    final boolean urlTrackingAllowed = originalServletContext.getEffectiveSessionTrackingModes().contains(SessionTrackingMode.URL);
    if (!urlTrackingAllowed) {
        return false;
    }

    // No session, or a session id that arrived in a cookie: nothing to add to the URL.
    final HttpSession session = hreq.getSession(false);
    if (session == null || hreq.isRequestedSessionIdFromCookie()) {
        return false;
    }

    // Otherwise rewrite only when the id already came from the URL or the session is new.
    final boolean idFromUrlOrNewSession = hreq.isRequestedSessionIdFromURL() || session.isNew();
    if (!idFromUrlOrNewSession) {
        return false;
    }

    return doIsEncodeable(hreq, session, location);
}
 
Example 7
Source File: HttpSessionByCookieServletT.java    From servlet-core-learning with Apache License 2.0 5 votes vote down vote up
/**
 * Demonstrates session tracking: stores {@code name} in a newly created session
 * and prints a different message on the first and on later requests.
 *
 * @param req  the incoming request
 * @param resp the response whose writer receives the message
 * @throws ServletException declared in the signature; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained
 */
@Override
protected void doGet(HttpServletRequest req, HttpServletResponse resp)
		throws ServletException, IOException {

	// getSession() returns the existing session, or creates one on the first request
	// (equivalent to req.getSession(true)).
	final HttpSession session = req.getSession();
	final boolean createdByThisRequest = session.isNew();

	if (createdByThisRequest) {
		// Store a value in the new session.
		session.setAttribute("name", "Jeff");
	}

	final String sessionId = session.getId();
	final PrintWriter out = resp.getWriter();

	// NOTE(review): the session id is printed into the response body for demonstration;
	// a production page would normally keep the id out of rendered content.
	if (!createdByThisRequest) {
		out.println("Hello,HttpSession! <br>The second response - SeesionId="
				+ sessionId + " <br>");
		// Read the value back from the session.
		out.println("The second-response - name: "
				+ session.getAttribute("name"));
		return;
	}

	out.println("Hello,HttpSession! <br>The first response - SeesionId="
			+ sessionId + " <br>");
}
 
Example 8
Source File: GeodeSessionStateServlet.java    From geode-examples with Apache License 2.0 5 votes vote down vote up
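/**
 * Sets, reads or deletes a session attribute according to the {@code action},
 * {@code key} and {@code value} request parameters, then forwards to
 * {@code /index.jsp}.
 *
 * <p>A "Set Attribute" request without a {@code value} parameter is ignored
 * instead of failing with a {@code NullPointerException}.
 *
 * @param request  the incoming request
 * @param response the response passed on to the forwarded resource
 * @throws ServletException if the forward fails
 * @throws IOException      if the forward fails
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  HttpSession session = request.getSession();
  if (session.isNew()) {
    request.setAttribute("isNew", "Session is new.");
  } else {
    request.setAttribute("isNew", "Session already existing");
    session.setMaxInactiveInterval(90);
  }

  // Read each parameter once so every check below sees the same value.
  String action = request.getParameter("action");
  String key = request.getParameter("key");
  String value = request.getParameter("value");

  // NOTE(review): key and value come straight from the request, so the client decides which
  // session attribute is written, read or removed. That is the point of this demo; an
  // application that keeps its own state in the session should restrict the keys it accepts.
  if (action != null && key != null) {
    switch (action) {
      case "Set Attribute":
        // The literal text "null" is treated as "no value", as is a missing parameter.
        if (value != null && !"null".equals(value)) {
          session.setAttribute(key, value);
        }
        break;
      case "Get Attribute":
        request.setAttribute("getKey", session.getAttribute(key));
        break;
      case "Delete Attribute":
        session.removeAttribute(key);
        break;
      default:
        break;
    }
  }

  request.getRequestDispatcher("/index.jsp").forward(request, response);
}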
 
Example 9
Source File: SingleLoginListener.java    From opencron with Apache License 2.0 5 votes vote down vote up
/**
 * Removes the user's session.
 */
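public synchronized static void removeUserSession(Long userId) {
    Map<Long, String> userSessionMap = getSessionIds();
    if (!userSessionMap.containsKey(userId)) {
        return;
    }

    String sessionId = userSessionMap.get(userId);
    HttpSession httpSession = singleLoginSessionMap.get(sessionId);
    try {
        // The session may no longer be tracked, so guard against a missing map entry.
        if (httpSession != null && !httpSession.isNew()) {
            // NOTE(review): only the login attribute is cleared; the session and its other
            // attributes stay alive because invalidate() was disabled - confirm that is intended.
            httpSession.removeAttribute(OpencronTools.LOGIN_USER);
        }
    } catch (IllegalStateException ignored) {
        // isNew() and removeAttribute() throw on a session that was already invalidated;
        // in that case there is no login attribute left to clear.
    } finally {
        // Always drop the tracking entry, even when the session could not be touched.
        singleLoginSessionMap.remove(sessionId);
    }
}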
 
Example 10
Source File: AdapterHTTP.java    From Knowage-Server with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Attaches the request container to the HTTP session and rejects the request when its session has expired.
 * 
 * @param session        the session
 * @param requestContext the request context
 * 
 * @throws SessionExpiredException the session expired exception
 */
private void checkSession(HttpSession session, RequestContextIFace requestContext) throws SessionExpiredException {
	// Zerbetto, 25-02-2008: the NEW_SESSION parameter can force a new session.
	final RequestContainer requestContainer = requestContext.getRequestContainer();
	boolean sessionIdStillValid = true;
	boolean freshSessionRequested = false;

	if (session.isNew()) {
		// A new session together with a recorded requested-session id marks the old session as gone.
		sessionIdStillValid = requestContainer.getAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID) == null;
		// NOTE(review): if NEW_SESSION can be set by the client, it switches off the
		// expired-session error below - confirm this is intended.
		String newSessionAttr = (String) requestContainer.getServiceRequest().getAttribute(NEW_SESSION);
		freshSessionRequested = "TRUE".equalsIgnoreCase(newSessionAttr);
	}

	// NOTE(review): synchronizing on the session object assumes the container returns the
	// same HttpSession instance to concurrent requests - confirm for the target container.
	synchronized (session) {
		RequestContainer previous = (RequestContainer) session.getAttribute(Constants.REQUEST_CONTAINER);
		boolean navigatorOn = Navigator.isNavigatorEnabled();

		SessionContainer container;
		if (previous == null) {
			container = new SessionContainer(true);
		} else if (navigatorOn) {
			container = new SessionContainer(false);
		} else {
			container = previous.getSessionContainer();
		}
		requestContainer.setSessionContainer(container);

		// With the navigator enabled, the earlier container becomes the parent.
		if (previous != null && navigatorOn) {
			requestContainer.setParent(previous);
		}
		session.setAttribute(Constants.REQUEST_CONTAINER, requestContainer);
	}

	boolean expired = !sessionIdStillValid && !freshSessionRequested;
	if (expired) {
		TracerSingleton.log(Constants.NOME_MODULO, TracerSingleton.WARNING, "AdapterHTTP::service: sessione scaduta !");
		throw new SessionExpiredException(EMFErrorSeverity.ERROR, "Expired Session");
	}
}
 
Example 11
Source File: AdapterHTTP.java    From Knowage-Server with GNU Affero General Public License v3.0 5 votes vote down vote up
/**
 * Attaches the request container to the HTTP session and rejects the request when its session has expired.
 * 
 * @param session        the session
 * @param requestContext the request context
 * 
 * @throws SessionExpiredException the session expired exception
 */
private void checkSession(HttpSession session, RequestContextIFace requestContext) throws SessionExpiredException {
	// Zerbetto, 25-02-2008: the NEW_SESSION parameter can force a new session.
	boolean requestedSessionOk = true;
	boolean newSessionWanted = false;
	final RequestContainer current = requestContext.getRequestContainer();

	if (session.isNew()) {
		Object requestedId = current.getAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID);
		requestedSessionOk = (requestedId == null);
		// NOTE(review): NEW_SESSION comes from the service request; if the client controls it,
		// the client can bypass the expired-session error - confirm this is intended.
		String flag = (String) current.getServiceRequest().getAttribute(NEW_SESSION);
		newSessionWanted = flag != null && "TRUE".equalsIgnoreCase(flag);
	}

	// NOTE(review): the lock is the HttpSession object itself; whether two requests see the
	// same instance depends on the container - confirm before relying on it.
	synchronized (session) {
		final RequestContainer parent = (RequestContainer) session.getAttribute(Constants.REQUEST_CONTAINER);
		final boolean useNavigator = Navigator.isNavigatorEnabled();
		final boolean firstInSession = (parent == null);

		if (firstInSession) {
			current.setSessionContainer(new SessionContainer(true));
		} else if (!useNavigator) {
			// Navigator disabled: share the session container of the earlier request container.
			current.setSessionContainer(parent.getSessionContainer());
		} else {
			current.setSessionContainer(new SessionContainer(false));
			current.setParent(parent);
		}
		session.setAttribute(Constants.REQUEST_CONTAINER, current);
	}

	if (requestedSessionOk || newSessionWanted) {
		return;
	}
	TracerSingleton.log(Constants.NOME_MODULO, TracerSingleton.WARNING, "AdapterHTTP::service: sessione scaduta !");
	throw new SessionExpiredException(EMFErrorSeverity.ERROR, "Expired Session");
}
 
Example 12
Source File: GeodeSessionStateServlet.java    From geode-examples with Apache License 2.0 5 votes vote down vote up
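/**
 * Handles the demo page's "Set Attribute", "Get Attribute" and "Delete Attribute"
 * actions on the caller's session and forwards to {@code /index.jsp}.
 *
 * <p>A "Set Attribute" request that omits the {@code value} parameter is skipped;
 * previously it dereferenced the missing value and failed.
 *
 * @param request  the incoming request
 * @param response the response passed on to the forwarded resource
 * @throws ServletException if the forward fails
 * @throws IOException      if the forward fails
 */
protected void doGet(HttpServletRequest request, HttpServletResponse response)
    throws ServletException, IOException {
  HttpSession session = request.getSession();
  if (session.isNew()) {
    request.setAttribute("isNew", "Session is new.");
  } else {
    request.setAttribute("isNew", "Session already existing");
    session.setMaxInactiveInterval(90);
  }

  final String action = request.getParameter("action");
  final String key = request.getParameter("key");

  // NOTE(review): the attribute name is taken from the request unchanged, so a client can
  // overwrite, read or delete any attribute in its own session. Acceptable for this demo;
  // code that stores application state in the session should accept only known keys.
  if (action != null && key != null) {
    if ("Set Attribute".equals(action)) {
      final String value = request.getParameter("value");
      // Skip a missing value as well as the literal text "null".
      if (value != null && !"null".equals(value)) {
        session.setAttribute(key, value);
      }
    } else if ("Get Attribute".equals(action)) {
      request.setAttribute("getKey", session.getAttribute(key));
    } else if ("Delete Attribute".equals(action)) {
      session.removeAttribute(key);
    }
  }

  request.getRequestDispatcher("/index.jsp").forward(request, response);
}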
 
Example 13
Source File: InvocationContextImpl.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Returns the final response from the servlet. Note that this method should
 * only be invoked after all processing has been done to the servlet response.
 **/
public WebResponse getServletResponse() throws IOException {
    if (_contextStack.size() != 1) {
        throw new IllegalStateException( "Have not returned from all request dispatchers" );
    }

    // The response is built once and reused afterwards.
    if (_webResponse != null) {
        return _webResponse;
    }

    // Look up the session without creating one; a session created while handling this
    // request has its id sent back as a cookie scoped to the application's context path.
    HttpSession session = getRequest().getSession( /* create */ false );
    boolean createdDuringRequest = session != null && session.isNew();
    if (createdDuringRequest) {
        Cookie sessionCookie = new Cookie( ServletUnitHttpSession.SESSION_COOKIE_NAME, session.getId() );
        sessionCookie.setPath( _application.getContextPath() );
        getResponse().addCookie( sessionCookie );
    }

    _webResponse = new ServletUnitWebResponse( _client, _frame, _effectiveURL, getResponse(), _client.getExceptionsThrownOnErrorStatus() );
    return _webResponse;
}
 
Example 14
Source File: HttpServletResponseImpl.java    From lams with GNU General Public License v2.0 5 votes vote down vote up
/**
 * Return <code>true</code> if the specified URL should be encoded with
 * a session identifier.  This will be true if all of the following
 * conditions are met:
 * <ul>
 * <li>The request we are responding to asked for a valid session
 * <li>The requested session ID was not received via a cookie
 * <li>The specified URL points back to somewhere within the web
 * application that is responding to this request
 * </ul>
 *
 * @param location Absolute URL to be validated
 */
private boolean isEncodeable(final String location) {

    // No URL at all: nothing to encode.
    if (location == null) {
        return false;
    }
    // An intra-document reference stays as it is.
    if (location.startsWith("#")) {
        return false;
    }

    final HttpServletRequestImpl hreq = exchange.getAttachment(ServletRequestContext.ATTACHMENT_KEY).getOriginalRequest();

    // Is URL-based session tracking permitted for this context?
    // NOTE(review): ids carried in URLs are exposed wherever the URL is stored or forwarded;
    // when URL tracking is not needed, omitting SessionTrackingMode.URL makes this return false.
    final boolean urlModeEnabled = originalServletContext.getEffectiveSessionTrackingModes().contains(SessionTrackingMode.URL);
    if (!urlModeEnabled) {
        return false;
    }

    final HttpSession session = hreq.getSession(false);
    final boolean encodeCandidate;
    if (session == null) {
        // No session to identify.
        encodeCandidate = false;
    } else if (hreq.isRequestedSessionIdFromCookie()) {
        // The client already sends the id in a cookie.
        encodeCandidate = false;
    } else {
        // Candidate only if the id came from the URL or the session is new.
        encodeCandidate = hreq.isRequestedSessionIdFromURL() || session.isNew();
    }

    return encodeCandidate ? doIsEncodeable(hreq, session, location) : false;
}
 
Example 15
Source File: AntiXsrfFilter.java    From seed with Mozilla Public License 2.0 4 votes vote down vote up
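/**
 * Applies cookie-versus-request-token XSRF protection to requests that carry a session.
 *
 * <p>A session that is new gets a token cookie and passes unchecked. For any other
 * session the token from the cookie must equal the token from the request header,
 * or from the request parameter when the header is absent, unless the mapped value
 * starts with {@code NO_CHECK} or the request is ignored. Each failure is reported
 * with {@code SC_FORBIDDEN} through {@code WebSecurityPlugin.sendErrorToClient}.
 *
 * @param request     the incoming request, cast to {@code HttpServletRequest}
 * @param response    the outgoing response, cast to {@code HttpServletResponse}
 * @param mappedValue filter configuration, read as a {@code String[]} when non-null
 * @return {@code true} to continue the chain, {@code false} after an error was sent
 */
@Override
protected boolean onPreHandle(ServletRequest request, ServletResponse response,
        Object mappedValue) {
    HttpServletRequest httpServletRequest = (HttpServletRequest) request;
    HttpServletResponse httpServletResponse = (HttpServletResponse) response;
    final HttpSession session = httpServletRequest.getSession(false);

    // Only apply XSRF protection when there is a session
    if (session == null) {
        return true;
    }

    // If session is new, generate a token and put it in a cookie
    if (session.isNew()) {
        setXsrfCookie(httpServletResponse);
        return true;
    }

    // Else, apply XSRF protection logic unless the mapping or the request opts out
    final boolean noCheck = mappedValue != null
            && ((String[]) mappedValue).length != 0
            && NO_CHECK.equals(((String[]) mappedValue)[0]);
    if (noCheck || isRequestIgnored(httpServletRequest)) {
        return true;
    }

    // If no cookie is available, send an error
    String cookieToken = getTokenFromCookie(httpServletRequest);
    if (cookieToken == null) {
        WebSecurityPlugin.sendErrorToClient(httpServletResponse,
                LOGGER,
                HttpServletResponse.SC_FORBIDDEN,
                "Missing CSRF protection token cookie",
                null);
        return false;
    }

    // Try to obtain the request token from a header, falling back to the query parameter.
    // NOTE(review): a token sent as a query parameter ends up wherever the URL is recorded;
    // prefer the header where clients allow it.
    String requestToken = getTokenFromHeader(httpServletRequest);
    if (requestToken == null) {
        requestToken = getTokenFromParameter(httpServletRequest);
    }

    // If no request token available, send an error
    if (requestToken == null) {
        WebSecurityPlugin.sendErrorToClient(httpServletResponse,
                LOGGER,
                HttpServletResponse.SC_FORBIDDEN,
                "Missing CSRF protection token in the request headers",
                null);
        return false;
    }

    // Compare in constant time so the response time does not reveal how much of the
    // submitted token matched. Fully qualified names avoid a new file-level import.
    final boolean tokensMatch = java.security.MessageDigest.isEqual(
            cookieToken.getBytes(java.nio.charset.StandardCharsets.UTF_8),
            requestToken.getBytes(java.nio.charset.StandardCharsets.UTF_8));
    if (!tokensMatch) {
        WebSecurityPlugin.sendErrorToClient(httpServletResponse,
                LOGGER,
                HttpServletResponse.SC_FORBIDDEN,
                "Request token does not match session token",
                null);
        return false;
    }

    // Regenerate token if per-request tokens are in use
    if (xsrfConfig.isPerRequestToken()) {
        setXsrfCookie(httpServletResponse);
    }
    return true;
}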
 
Example 16
Source File: AdapterHTTP.java    From Knowage-Server with GNU Affero General Public License v3.0 4 votes vote down vote up
/**
 * Links the request container to the HTTP session and throws when the session has expired.
 *
 * <p>Expiry is detected only for a new session: a value stored under
 * {@code HTTP_REQUEST_REQUESTED_SESSION_ID} in the request container marks the
 * requested session as invalid, unless the service request's {@code NEW_SESSION}
 * attribute equals "TRUE" ignoring case.
 *
 * @param session        the HTTP session of the current request
 * @param requestContext supplies the request container
 * @throws SessionExpiredException when the requested session is invalid and no new session was asked for
 */
private void checkSession(HttpSession session, RequestContextIFace requestContext)
	throws SessionExpiredException {

    // Zerbetto, 25-02-2008: the NEW_SESSION parameter can force a new session.
    final RequestContainer requestContainer = requestContext.getRequestContainer();
    boolean requestedIdValid = true;
    boolean newSessionRequired = false;

    if (session.isNew()) {
        requestedIdValid = (requestContainer.getAttribute(HTTP_REQUEST_REQUESTED_SESSION_ID) == null);
        // NOTE(review): when NEW_SESSION is settable by the client it disables the expiry
        // error thrown at the end of this method - confirm this is intended.
        final Object rawFlag = requestContainer.getServiceRequest().getAttribute(NEW_SESSION);
        final String flag = (String) rawFlag;
        newSessionRequired = (flag != null) && flag.equalsIgnoreCase("TRUE");
    }

    // NOTE(review): the monitor is the HttpSession object; mutual exclusion between requests
    // holds only if the container reuses one instance per session - confirm.
    synchronized (session) {
        final RequestContainer parentContainer =
                (RequestContainer) session.getAttribute(Constants.REQUEST_CONTAINER);
        final boolean navigatorDisabled = !Navigator.isNavigatorEnabled();

        if (parentContainer == null) {
            // Nothing stored yet: start with a new session container in either mode.
            requestContainer.setSessionContainer(new SessionContainer(true));
        } else if (navigatorDisabled) {
            requestContainer.setSessionContainer(parentContainer.getSessionContainer());
        } else {
            requestContainer.setSessionContainer(new SessionContainer(false));
            requestContainer.setParent(parentContainer);
        }
        session.setAttribute(Constants.REQUEST_CONTAINER, requestContainer);
    }

    if (!(requestedIdValid || newSessionRequired)) {
        TracerSingleton.log(Constants.NOME_MODULO, TracerSingleton.WARNING,
                "AdapterHTTP::service: sessione scaduta !");
        throw new SessionExpiredException(EMFErrorSeverity.ERROR, "Expired Session");
    }
}
 
Example 17
Source File: SessionTrackServlet.java    From java-tutorial with Creative Commons Attribution Share Alike 4.0 International 4 votes vote down vote up
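/**
 * Renders an HTML table with the session id, creation time, last access time,
 * user id and a per-session visit counter.
 *
 * <p>A missing or non-integer {@code visitCount} attribute on an existing session
 * is treated as zero previous visits instead of failing.
 *
 * @param request  the incoming request
 * @param response the response that receives the HTML page
 * @throws ServletException declared in the signature; not thrown by the visible code
 * @throws IOException      if the response writer cannot be obtained
 */
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
	// Create a session object if the request does not have one.
	HttpSession session = request.getSession(true);
	// Session creation time.
	Date createTime = new Date(session.getCreationTime());
	// Time of the last access within this session.
	Date lastAccessTime = new Date(session.getLastAccessedTime());

	// Output format for the dates; created per request, so it is not shared between threads.
	SimpleDateFormat df = new SimpleDateFormat("yyyy-MM-dd HH:mm:ss");

	String title = "Servlet Session 实例";
	String visitCountKey = "visitCount";
	String userIDKey = "userID";
	String userID = "admin";
	int visitCount = 0;

	// A new session means a new visitor; otherwise continue the stored count.
	if (session.isNew()) {
		session.setAttribute(userIDKey, userID);
	} else {
		// The counter can be absent when the session was created outside this servlet.
		Object storedCount = session.getAttribute(visitCountKey);
		int previousVisits = (storedCount instanceof Integer) ? (Integer) storedCount : 0;
		visitCount = previousVisits + 1;
		userID = (String) session.getAttribute(userIDKey);
	}
	session.setAttribute(visitCountKey, visitCount);

	// Set the response content type.
	response.setContentType("text/html;charset=UTF-8");
	PrintWriter out = response.getWriter();

	// NOTE(review): the page prints the session id and writes userID without HTML escaping.
	// Both are set by this servlet here; escape the value and drop the id if this is reused
	// with data that can come from a client.
	String docType = "<!DOCTYPE html>\n";
	out.println(docType + "<html>\n" + "<head><title>" + title + "</title></head>\n"
		+ "<body bgcolor=\"#f0f0f0\">\n" + "<h1 align=\"center\">" + title + "</h1>\n"
		+ "<h2 align=\"center\">Session 信息</h2>\n" + "<table border=\"1\" align=\"center\">\n"
		+ "<tr bgcolor=\"#949494\">\n" + "  <th>Session 信息</th><th>值</th></tr>\n" + "<tr>\n" + "  <td>id</td>\n"
		+ "  <td>" + session.getId() + "</td></tr>\n" + "<tr>\n" + "  <td>创建时间</td>\n" + "  <td>"
		+ df.format(createTime) + "  </td></tr>\n" + "<tr>\n" + "  <td>最后访问时间</td>\n" + "  <td>"
		+ df.format(lastAccessTime) + "  </td></tr>\n" + "<tr>\n" + "  <td>用户 ID</td>\n" + "  <td>" + userID
		+ "  </td></tr>\n" + "<tr>\n" + "  <td>访问统计:</td>\n" + "  <td>" + visitCount + "</td></tr>\n"
		+ "</table>\n" + "</body></html>");
}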
 
Example 18
Source File: Response.java    From onedev with MIT License 4 votes vote down vote up
/**
 * Resets the response to its initial state: status 200, cleared buffer, content
 * metadata and headers. Afterwards it restores the {@code Connection} header from
 * the request's recognised tokens and re-adds the session cookie for a new session.
 */
@Override
public void reset()
{
    _status = 200;
    _reason = null;
    _out.resetBuffer();
    _outputType = OutputType.NONE;
    _contentLength = -1;
    _contentType = null;
    _mimeType = null;
    _characterEncoding = null;
    _encodingFrom = EncodingFrom.NOT_SET;

    // Drop every response header set so far.
    _fields.clear();

    // Rebuild the connection-related header from the request's Connection tokens.
    for (String token : _channel.getRequest().getHttpFields().getCSV(HttpHeader.CONNECTION, false))
    {
        HttpHeaderValue known = HttpHeaderValue.CACHE.get(token);
        if (known == null)
            continue;

        if (known == HttpHeaderValue.CLOSE)
        {
            _fields.put(HttpHeader.CONNECTION, HttpHeaderValue.CLOSE.toString());
        }
        else if (known == HttpHeaderValue.KEEP_ALIVE)
        {
            // keep-alive is echoed only when the request protocol is HTTP/1.0
            if (HttpVersion.HTTP_1_0.is(_channel.getRequest().getProtocol()))
                _fields.put(HttpHeader.CONNECTION, HttpHeaderValue.KEEP_ALIVE.toString());
        }
        else if (known == HttpHeaderValue.TE)
        {
            _fields.put(HttpHeader.CONNECTION, HttpHeaderValue.TE.toString());
        }
    }

    // Clearing the headers also removed the cookie of a session that is new,
    // so ask the session handler for it again.
    Request request = getHttpChannel().getRequest();
    HttpSession session = request.getSession(false);
    if (session == null || !session.isNew())
        return;

    SessionHandler handler = request.getSessionHandler();
    if (handler == null)
        return;

    HttpCookie sessionCookie = handler.getSessionCookie(session, request.getContextPath(), request.isSecure());
    if (sessionCookie != null)
        addCookie(sessionCookie);
}
Example 19
Source File: SecurityService.java    From live-chat-engine with Apache License 2.0 4 votes vote down vote up
/**
 * Makes sure the request has an HTTP session with a {@code ClientSession} stored
 * under {@code CLIENT_INFO}, and records {@code accId} on that client session.
 *
 * <p>When the request has no session, the per-IP session count is checked against
 * the allowed maximum before a session is created.
 *
 * @param req   the incoming request
 * @param accId the account id to add to the client session
 * @return {@code true} only when this call created a new HTTP session
 */
public boolean initClientSessionForAcc(HttpServletRequest req, String accId) {

	final String clientIp = getClientIp(req);
	final String userAgent = getUserAgent(req);
	boolean createdHere = false;

	HttpSession session = req.getSession(false);
	if (session == null) {
		// Enforce the per-IP limit before allocating another session.
		// NOTE(review): the limit is only as reliable as getClientIp(); if that reads a
		// forwarded-for style header, confirm it is set by a trusted proxy.
		final int allowed = getMaxSessionsCountForChatClient(clientIp);
		final int inUse = c.sessionsCounter.getSessionsCount(clientIp);
		if (inUse >= allowed) {
			throw new MaxSessionsCountByIpException(clientIp);
		}

		session = req.getSession(true);
		if (session.isNew()) {
			session.setMaxInactiveInterval(props.getIntVal(chats_sessionLivetime));
			createdHere = true;
		}
	}

	// NOTE(review): both log lines below write the user agent as received and the full
	// session id at INFO level; consider stripping line breaks and shortening the id.
	ClientSession clientSession = (ClientSession) session.getAttribute(CLIENT_INFO);
	if (clientSession != null) {
		// Existing client session: log only when the account id was newly added.
		if (clientSession.addAccId(accId)) {
			log.info("["+accId+"] "+"CLIENT session taken: "
					+"ip="+clientIp
					+", userAgent="+userAgent
					+", sessionId="+session.getId());
		}
		return createdHere;
	}

	clientSession = new ClientSession(session.getId(), clientIp, userAgent);
	session.setAttribute(CLIENT_INFO, clientSession);
	clientSession.addAccId(accId);
	log.info("["+accId+"] "+"CLIENT session created: "
			+"ip="+clientIp
			+", userAgent="+userAgent
			+", sessionId="+session.getId());

	return createdHere;
}
 
Example 20
Source File: CsrfGuardFilter.java    From lams with GNU General Public License v2.0 4 votes vote down vote up
/**
 * Runs CsrfGuard validation for HTTP requests and passes everything else through.
 *
 * <p>The request continues down the chain untouched when CsrfGuard is disabled,
 * when the request/response pair is not HTTP, or when there is no session and
 * validation without a session is switched off. Otherwise a new session may be
 * answered with the landing page, and any other request continues only if
 * {@code isValidRequest} accepts it. Tokens are updated after each checked request.
 *
 * @param request     the incoming request
 * @param response    the outgoing response
 * @param filterChain the remaining filter chain
 * @throws IOException      propagated from the chain or from CsrfGuard
 * @throws ServletException propagated from the chain or from CsrfGuard
 */
@Override
public void doFilter(ServletRequest request, ServletResponse response, FilterChain filterChain) throws IOException, ServletException {

    // Short circuit: CsrfGuard may be disabled altogether.
    if (!CsrfGuard.getInstance().isEnabled()) {
        filterChain.doFilter(request, response);
        return;
    }

    // Only HTTP request/response pairs can be checked; anything else is logged and passed on.
    final boolean httpPair = request instanceof HttpServletRequest && response instanceof HttpServletResponse;
    if (!httpPair) {
        filterConfig.getServletContext().log(String.format("[WARNING] CsrfGuard does not know how to work with requests of class %s ", request.getClass().getName()));
        filterChain.doFilter(request, response);
        return;
    }

    HttpServletRequest httpRequest = (HttpServletRequest) request;
    HttpSession session = httpRequest.getSession(false);

    // No session, and validation without a session is switched off: pass the request on.
    // NOTE(review): the original author assumes a request without a session can do no harm;
    // state-changing endpoints reachable without a session are not checked on this path.
    if (session == null && !CsrfGuard.getInstance().isValidateWhenNoSessionExists()) {
        filterChain.doFilter(httpRequest, (HttpServletResponse) response);
        return;
    }

    CsrfGuard csrfGuard = CsrfGuard.getInstance();
    InterceptRedirectResponse httpResponse = new InterceptRedirectResponse((HttpServletResponse) response, httpRequest, csrfGuard);

    final boolean sessionIsNew = session != null && session.isNew();
    if (sessionIsNew && csrfGuard.isUseNewTokenLandingPage()) {
        csrfGuard.writeLandingPage(httpRequest, httpResponse);
    } else if (csrfGuard.isValidRequest(httpRequest, httpResponse)) {
        filterChain.doFilter(httpRequest, httpResponse);
    }
    // An invalid request needs nothing further here: the actions were already executed.

    // Update tokens after every checked request.
    csrfGuard.updateTokens(httpRequest);
}