checkSession.jsp revision 3547063d010b485922e56e2fe43f2f3cde2e710a
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington<%--
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster/*
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * DO NOT REMOVE COPYRIGHT NOTICES OR THIS HEADER.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Copyright (c) 2013 ForgeRock AS All rights reserved.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * The contents of this file are subject to the terms
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * of the Common Development and Distribution License
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * (the License). You may not use this file except in
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * compliance with the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * You can obtain a copy of the License at
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * http://forgerock.org/license/CDDLv1.0.html
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * See the License for the specific language governing
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * permission and limitations under the License.
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster *
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * When distributing Covered Code, include this CDDL
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * Header Notice in each file and include the License file
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * at http://forgerock.org/license/CDDLv1.0.html
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * If applicable, add the following below the CDDL Header,
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * with the fields enclosed by brackets [] replaced by
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * your own identifying information:
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster * "Portions copyright [year] [name of copyright owner]"
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster */
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster--%>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington<%@ page pageEncoding="UTF-8" %>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<%@ page import="org.forgerock.openam.oauth2.openid.CheckSessionImpl" %>
a4544a5a0e622ef69e38641f87ab1b5685e05911Phill Cunnington<%@ page import="org.forgerock.openam.oauth2.openid.CheckSession" %>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<%@ page import="org.owasp.esapi.ESAPI" %>
<%
 // Server-side inputs for the OpenID Connect session-management check rendered below.
 CheckSession checkSession = new CheckSessionImpl();
 // Name of the cookie whose value the page-side script reads from document.cookie
 // and folds into the session_state hash (so that cookie must be script-readable).
 String cookieName = checkSession.getCookieName();
 // Origin string the RP's postMessage must come from; the script ignores any other
 // e.origin. Presumably derived from the client's registered session URI - verify
 // against CheckSessionImpl.
 String clientSessionURI = checkSession.getClientSessionURI(request);
 // Rendered into the script via <%= %> as the text "true"/"false" (or "null").
 Boolean validSession = checkSession.getValidSession(request);

%>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<!DOCTYPE html>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<html>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<head>
0fdab8904a8fe223f6934b878769fe45e7651c60Andrew Forrest <title></title>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster</head>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<body>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<script src="../../js/sha256.js"></script>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster<script type="text/javascript">
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
 // client_id sent by the RP in the last accepted postMessage; assigned by receiveMessage.
 var client_id;
 // Session-check requests from the RP iframe arrive as "message" events.
 window.addEventListener("message", receiveMessage, false);
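 /**
  * Handles a session-check request posted by the RP's iframe.
  *
  * The payload is the string "<client_id> <session_state>". The reply, posted
  * back to the sender only, is 'unchanged' when session_state equals
  * SHA256(client_id + origin + OP browser state), and 'changed' otherwise.
  * Messages from any origin other than the client's session URI are ignored,
  * as are non-string payloads (which would otherwise throw on split()).
  *
  * @param {MessageEvent} e  the "message" event from the RP iframe
  */
 function receiveMessage(e){
     // Check the sender first: nothing from a foreign origin may set client_id
     // or trigger a reply. clientURI is JS-escaped server-side by ESAPI.
     var clientURI = "<%=ESAPI.encoder().encodeForJavaScript(clientSessionURI)%>";
     if (e.origin !== clientURI){
         return;
     }
     if (typeof e.data !== 'string'){
         return;
     }
     var data = e.data.split(' ');
     client_id = data[0];
     // Missing session_state stays undefined and simply fails the comparison.
     var session_state = data[1];
     var opbs = getBrowserState();
     // CryptoJS is provided by ../../js/sha256.js; toString() gives the hex digest,
     // which is what the loose comparison in the previous version relied on.
     var ss = CryptoJS.SHA256(client_id + e.origin + opbs).toString();
     var stat = (session_state === ss) ? 'unchanged' : 'changed';
     // Reply only to the sender, and only to the origin verified above.
     e.source.postMessage(stat, e.origin);
 }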
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster
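 /**
  * Returns the OP browser state that is hashed into session_state.
  *
  * When the server reported no valid session this is "", so the RP's stored
  * session_state no longer matches and it is told 'changed'. Otherwise it is
  * the value of the configured session cookie as read from document.cookie
  * (that cookie therefore has to be readable by script).
  *
  * @returns {string} the cookie value, or "" when there is no valid session or
  *                   the cookie is not present
  */
 function getBrowserState(){
     // The JSP expression renders the Java Boolean as the text "true"/"false"
     // (or "null"). Any non-empty string is truthy in JS, so the previous
     // `!validSession` test could never fire; compare the text explicitly.
     var validSession = "<%=validSession%>" === "true";

     if (!validSession){
         return "";
     }
     var cookieName = "<%=ESAPI.encoder().encodeForJavaScript(cookieName)%>" + "=";
     // Pad both ends so every cookie is delimited as "; name=value;". Searching
     // for "; " + name prevents a cookie whose name merely ends with cookieName
     // (e.g. "xfoo=" when looking for "foo=") from being matched by indexOf.
     var cookies = "; " + document.cookie + ";";
     var cookieStart = cookies.indexOf("; " + cookieName);
     if (cookieStart != -1) {
         var valueStart = cookieStart + 2 + cookieName.length;
         var end = cookies.indexOf(";", valueStart);
         // unescape() is kept for compatibility with how the value was written;
         // decodeURIComponent would decode differently and throw on bad input.
         return unescape(cookies.substring(valueStart, end));
     }
     return "";
 }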
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster</script>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster</body>
a688bcbb4bcff5398fdd29b86f83450257dc0df4Allan Foster</html>