WebSVN – SmartDukaan – Diff – /trunk/Website/src/main/java/in/shop2020/serving/interceptors/UserInterceptor.java

         HttpSession session = request.getSession(); // Get the existing session or create a new one
 		createCookiesMap(request);
+        // CreateUserInterceptor may have set the userinfo object in the request
+        // itself. If we can get the userinfo object here, we don't need to
+        // parse the cookies that came in with the request.
 		UserSessionInfo userInfo = (UserSessionInfo) request.getAttribute(USER_INFO_COOKIE_NAME);
 		userCookie = cookiesMap.get(UserInterceptor.USER_ID_COOKIE_NAME);
 		userinfoCookie = cookiesMap.get(USER_INFO_COOKIE_NAME);
 		if(userInfo == null ){
+		    //Okay, we didn't get the userinfo object from the request. Time to parse the UIC cookie.
 			if(userinfoCookie!=null){
 				userInfo = UserSessionInfo.getUserSessionInfoFromCookieValue(userinfoCookie.getValue());
+				if(userInfo.getUserId() == -1){
+				    //This means that the cookie couldn't be parsed. So, we should remove the cookie.
+				    expireUicCookie();
+				    expireUidCookie();
+				}
-			}else{
+			} else {
+			    //No UIC cookie too. Try the old UID cookie. This method is guaranteed  to return a userinfo object, cookie or not.
 				userInfo = createAndGetSessionFromUIDCookie(session);
+			}
+		}
-		request.setAttribute(USER_INFO_COOKIE_NAME, userInfo);
+		//Set the request attribute for access by other interceptors.
+		request.setAttribute(USER_INFO_COOKIE_NAME, userInfo);
+		//Set the userinfo object for use by actions.
 		if (action instanceof UserAware) {
         	UserAware sessionAction = (UserAware) action;
         	sessionAction.setSession(session);
         	sessionAction.setUserSessionInfo(userInfo);
         	sessionAction.setCookiesMap(cookiesMap);
         	sessionAction.setUserCookie(userCookie);
         	sessionAction.setCookieDomainName(cookieDomain);
+        }
+        // Ensure that the response of the action is presented to the pre-result
+        // listened of this interceptor. We want to add the cookies there.
 		invocation.addPreResultListener(this);
 		return invocation.invoke();
+	}
 		ActionContext ac = invocation.getInvocationContext();
 		HttpServletResponse response = (HttpServletResponse) ac.get(StrutsStatics.HTTP_RESPONSE);
 		addCookiesToResponse(invocation.getAction(), response);
+	}
+	/**
+	 * Adds cookies to the response object after the action has been executed.
+	 *
+	 * @param action
+	 * @param response
+	 */
 	private void addCookiesToResponse(Object action, HttpServletResponse response) {
 	    log.debug("Setting cookies in response");
 		if (action instanceof UserAware) {
 			List<Cookie> cookies = ((UserAware) action).getCookies();
 			if (cookies != null) {
+				}
+			}
+		}
+	}
+    /**
+     * Expires the UID cookie if the domain is not set or is set as the empty
+     * domain. Creates a new UID cookie with the cookie domain set.
+     *
+     * This is mostly to handle legacy issue wherein we were not setting the
+     * cookie domain explicitly to .saholic.com and different cookies were set
+     * for saholic.com and www.saholic.com.
+     *
+     * @param request
+     */
 	private void createCookiesMap(HttpServletRequest request) {
 		cookiesMap  = new HashMap<String, Cookie>();
 		Cookie[] cookies = request.getCookies();
 		if(cookies==null)
 			return;
 						newUserCookie.setDomain(cookieDomain);
 						HttpServletResponse response = ServletActionContext.getResponse();
 						response.addCookie(newUserCookie);
 						response.addCookie(cookie);
-					}
-					else {
+					} else {
 					    log.error("cookieDomain not set");
+					}
+				}
+			}
 		    cookiesMap.put(cookie.getName(), cookie);
+		}
+	}
+    /**
+     * Creates and gets session information from the UID cookie. This should be
+     * called only when the required information couldn't be had from the UIC
+     * cookie.
+     *
+     * It also expires the UID cookie if it can't parse the cookie value.
+     *
+     * @param session
+     * @return A user session info object.
+     */
 	private UserSessionInfo createAndGetSessionFromUIDCookie(HttpSession session) {
 		userCookie = (Cookie) cookiesMap.get(UserInterceptor.USER_ID_COOKIE_NAME);
 		UserSessionInfo userInfo = null;
 		if(userCookie != null){
 			String uidString = userCookie.getValue();
 					log.error("The UID cookie contains an unparseable userID");
 					expireUidCookie();
 					userInfo = new UserSessionInfo();
+				}
+			}
-		}
-		else{
+		} else{
-			userInfo = new UserSessionInfo();
-			log.info("Invalid session without user cookie.");
+		    log.info("Invalid session without user cookie.");
+		    userInfo = new UserSessionInfo();
+		}
 		return userInfo;
+	}
+	/**
+	 * Expires the UIC cookie.
+	 */
+    private void expireUicCookie() {
+        Cookie newUserCookie = new Cookie(UserInterceptor.USER_INFO_COOKIE_NAME, "-1"); //The value here is immaterial
+        newUserCookie.setMaxAge(0);                     // Expire this cookie now
+        newUserCookie.setPath("/");
+        newUserCookie.setDomain(cookieDomain);
+        HttpServletResponse response = ServletActionContext.getResponse();
+        response.addCookie(newUserCookie);
+    }
+    /**
+     * Expires the UID cookie.
+     */
     private void expireUidCookie() {
         Cookie newUserCookie = new Cookie(UserInterceptor.USER_ID_COOKIE_NAME, "-1"); //The value here is immaterial
         newUserCookie.setMaxAge(0);                     // Expire this cookie now
         newUserCookie.setPath("/");
         newUserCookie.setDomain(cookieDomain);

Subversion Repositories SmartDukaan

(root)/trunk/Website/src/main/java/in/shop2020/serving/interceptors/UserInterceptor.java – Rev 2960 → 2973