//------------------------------------------------------------------------------
//
// Copyright (c) Microsoft Corporation. All rights reserved.
//
//------------------------------------------------------------------------------
/*
* Collection of Http cookies for request and response intrinsics
*
* Copyright (c) 1998 Microsoft Corporation
*/
namespace System.Web {
using System;
using System.Collections.Generic;
using System.Collections.Specialized;
using System.Linq;
using System.Web.Util;
///
///
/// Provides a type-safe
/// way to manipulate HTTP cookies.
///
///
public sealed class HttpCookieCollection : NameObjectCollectionBase {
// Response object to notify about changes in collection
private HttpResponse _response;
// cached All[] arrays
private HttpCookie[] _all;
private String[] _allKeys;
private bool _changed;
// for implementing granular request validation
private ValidateStringCallback _validationCallback;
private HashSet _keysAwaitingValidation;
internal HttpCookieCollection(HttpResponse response, bool readOnly)
: base(StringComparer.OrdinalIgnoreCase) {
_response = response;
IsReadOnly = readOnly;
}
///
///
/// Initializes a new instance of the HttpCookieCollection
/// class.
///
///
public HttpCookieCollection(): base(StringComparer.OrdinalIgnoreCase) {
}
// This copy constructor is used by the granular request validation feature. The collections are mutable once
// created, but nobody should ever be mutating them, so it's ok for these to be out of [....]. Additionally,
// we don't copy _response since this should only ever be called for the request cookies.
internal HttpCookieCollection(HttpCookieCollection col)
: base(StringComparer.OrdinalIgnoreCase) {
// We explicitly don't copy validation-related fields, as we want the copy to "reset" validation state.
// Copy the file references from the original collection into this instance
for (int i = 0; i < col.Count; i++) {
ThrowIfMaxHttpCollectionKeysExceeded();
string key = col.BaseGetKey(i);
object value = col.BaseGet(i);
BaseAdd(key, value);
}
IsReadOnly = col.IsReadOnly;
}
internal bool Changed {
get { return _changed; }
set { _changed = value; }
}
internal void AddCookie(HttpCookie cookie, bool append) {
ThrowIfMaxHttpCollectionKeysExceeded();
_all = null;
_allKeys = null;
if (append) {
// DevID 251951 Cookie is getting duplicated by ASP.NET when they are added via a native module
// Need to not double add response cookies from native modules
if (!cookie.FromHeader) {
// mark cookie as new
cookie.Added = true;
}
BaseAdd(cookie.Name, cookie);
}
else {
if (BaseGet(cookie.Name) != null) {
// mark the cookie as changed because we are overriding the existing one
cookie.Changed = true;
}
BaseSet(cookie.Name, cookie);
}
}
// MSRC 12038: limit the maximum number of items that can be added to the collection,
// as a large number of items potentially can result in too many hash collisions that may cause DoS
private void ThrowIfMaxHttpCollectionKeysExceeded() {
if (Count >= AppSettings.MaxHttpCollectionKeys) {
throw new InvalidOperationException(SR.GetString(SR.CollectionCountExceeded_HttpValueCollection, AppSettings.MaxHttpCollectionKeys));
}
}
internal void EnableGranularValidation(ValidateStringCallback validationCallback) {
// Iterate over all the keys, adding each to the set containing the keys awaiting validation.
// Unlike dictionaries, HashSet can contain null keys, so don't need to special-case them.
_keysAwaitingValidation = new HashSet(Keys.Cast(), StringComparer.OrdinalIgnoreCase);
_validationCallback = validationCallback;
}
private void EnsureKeyValidated(string key, string value) {
if (_keysAwaitingValidation == null) {
// If dynamic validation hasn't been enabled, no-op.
return;
}
if (!_keysAwaitingValidation.Contains(key)) {
// If this key has already been validated (or is excluded), no-op.
return;
}
// If validation fails, the callback will throw an exception. If validation succeeds,
// we can remove it from the candidates list. A note:
// - Eager validation skips null/empty values, so we should, also.
if (!String.IsNullOrEmpty(value)) {
_validationCallback(key, value);
}
_keysAwaitingValidation.Remove(key);
}
internal void MakeReadOnly() {
IsReadOnly = true;
}
internal void RemoveCookie(String name) {
_all = null;
_allKeys = null;
BaseRemove(name);
_changed = true;
}
internal void Reset() {
_all = null;
_allKeys = null;
BaseClear();
_changed = true;
_keysAwaitingValidation = null;
}
//
// Public APIs to add / remove
//
///
///
/// Adds a cookie to the collection.
///
///
public void Add(HttpCookie cookie) {
if (_response != null)
_response.BeforeCookieCollectionChange();
AddCookie(cookie, true);
if (_response != null)
_response.OnCookieAdd(cookie);
}
///
/// [To be supplied.]
///
public void CopyTo(Array dest, int index) {
if (_all == null) {
int n = Count;
HttpCookie[] all = new HttpCookie[n];
for (int i = 0; i < n; i++)
all[i] = Get(i);
_all = all; // wait until end of loop to set _all reference in case Get throws
}
_all.CopyTo(dest, index);
}
///
/// Updates the value of a cookie.
///
public void Set(HttpCookie cookie) {
if (_response != null)
_response.BeforeCookieCollectionChange();
AddCookie(cookie, false);
if (_response != null)
_response.OnCookieCollectionChange();
}
///
///
/// Removes a cookie from the collection.
///
///
public void Remove(String name) {
if (_response != null)
_response.BeforeCookieCollectionChange();
RemoveCookie(name);
if (_response != null)
_response.OnCookieCollectionChange();
}
///
///
/// Clears all cookies from the collection.
///
///
public void Clear() {
Reset();
}
//
// Access by name
//
///
/// Returns an item from the collection.
///
public HttpCookie Get(String name) {
HttpCookie cookie = (HttpCookie)BaseGet(name);
if (cookie == null && _response != null) {
// response cookies are created on demand
cookie = new HttpCookie(name);
AddCookie(cookie, true);
_response.OnCookieAdd(cookie);
}
if (cookie != null) {
EnsureKeyValidated(name, cookie.Value);
}
return cookie;
}
///
/// Indexed value that enables access to a cookie in the collection.
///
public HttpCookie this[String name]
{
get { return Get(name);}
}
//
// Indexed access
//
///
///
/// Returns an
/// item from the collection.
///
///
public HttpCookie Get(int index) {
HttpCookie cookie = (HttpCookie)BaseGet(index);
// Call GetKey so that we can pass the key to the validation routine.
if (cookie != null) {
EnsureKeyValidated(GetKey(index), cookie.Value);
}
return cookie;
}
///
///
/// Returns key name from collection.
///
///
public String GetKey(int index) {
return BaseGetKey(index);
}
///
///
/// Default property.
/// Indexed property that enables access to a cookie in the collection.
///
///
public HttpCookie this[int index]
{
get { return Get(index);}
}
//
// Access to keys and values as arrays
//
/*
* All keys
*/
///
///
/// Returns
/// an array of all cookie keys in the cookie collection.
///
///
public String[] AllKeys {
get {
if (_allKeys == null)
_allKeys = BaseGetAllKeys();
return _allKeys;
}
}
}
}