* SessionStateModule.cs: Add readonly property for readonly

	sessions. This fixes bug #51647.
	* SessionInProcHandler.cs:
	* SessionSQLServerHandler.cs:
	* SessionStateServerHandler.cs: Cleanup params for
	HttpSessionState ctor. Make sure to always set is new, cookieless,
	and readonly properly.

svn path=/trunk/mcs/; revision=20811

mcs/class/System.Web/System.Web.SessionState/ChangeLog

@@ -1,3 +1,13 @@
+2003-12-05  Jackson Harper <[email protected]>
+
+	* SessionStateModule.cs: Add readonly property for readonly
+	sessions. This fixes bug #51647.
+	* SessionInProcHandler.cs:
+	* SessionSQLServerHandler.cs:
+	* SessionStateServerHandler.cs: Cleanup params for
+	HttpSessionState ctor. Make sure to always set is new, cookieless,
+	and readonly properly.
+	
 2003-12-03  Jackson Harper <[email protected]>
 
 	* SessionStateModule.cs: If using cookieless sessions add an

mcs/class/System.Web/System.Web.SessionState/SessionInProcHandler.cs

@@ -13,7 +13,6 @@
 	TODO:
 	    * Remove abandoned sessions., preferably by a worker thread sleeping most of the time.
 	    * Increase session security, for example by using UserAgent i hashcode.
-	    * Generate SessionID:s in a good (more random) way.
 */
 using System;
 using System.IO;
@@ -113,7 +112,7 @@ namespace System.Web.SessionState
 										true, //new session
 										false, // is cookieless
 										SessionStateMode.InProc,
-										false)); //readonly
+										module.IsReadOnly)); //readonly
 			// puts it in the table.
 			_sessionTable [sessionID]=container;
 			AppDomain.CurrentDomain.SetData (".MonoSessionInProc", _sessionTable);

mcs/class/System.Web/System.Web.SessionState/SessionSQLServerHandler.cs

@@ -77,7 +77,7 @@ namespace System.Web.SessionState {
 			string id = SessionId.Lookup (context.Request, config.CookieLess);
 
 			if (id != null) {
-				session = SelectSession (id);
+				session = SelectSession (id, module.IsReadOnly);
 				if (session != null) {
 					context.SetSession (session);
 					return false;
@@ -87,11 +87,10 @@ namespace System.Web.SessionState {
 			id = SessionId.Create (module.Rng);
 			session = new HttpSessionState (id, new SessionDictionary (),
 					new HttpStaticObjectsCollection (), config.Timeout, true,
-					false, SessionStateMode.SQLServer, false);
+					config.CookieLess, SessionStateMode.SQLServer, module.IsReadOnly);
 
 			InsertSession (session, config.Timeout);
 			context.SetSession (session);
-			context.Session.IsNewSession = true;
 
 			return true;
 		}
@@ -126,7 +125,7 @@ namespace System.Web.SessionState {
 				cncString = "SERVER=127.0.0.1;USER ID=monostate;PASSWORD=monostate;dbname=monostate";
 		}
 
-		private HttpSessionState SelectSession (string id)
+		private HttpSessionState SelectSession (string id, bool read_only)
 		{
 			HttpSessionState session = null;
 			IDbCommand command = cnc.CreateCommand();
@@ -150,8 +149,8 @@ namespace System.Web.SessionState {
 				dict = SessionDictionary.FromByteArray (ReadBytes (reader, reader.FieldCount-1));
 				sobjs = HttpStaticObjectsCollection.FromByteArray (ReadBytes (reader, reader.FieldCount-2));
 				
-				session = new HttpSessionState (id, dict, sobjs, 100, true, false,
-						SessionStateMode.SQLServer, false);
+				session = new HttpSessionState (id, dict, sobjs, 100, false, config.CookieLess,
+						SessionStateMode.SQLServer, read_only);
 				return session;
 			} catch {
 				throw;

mcs/class/System.Web/System.Web.SessionState/SessionStateModule.cs

@@ -4,7 +4,7 @@
 // Authors:
 //	Gonzalo Paniagua Javier ([email protected])
 //	Stefan Görling ([email protected])
-//      Jackson Harper ([email protected])
+//	Jackson Harper ([email protected])
 //
 // (C) 2002,2003 Ximian, Inc (http://www.ximian.com)
 // (C) 2003 Stefan Görling (http://www.gorling.se)
@@ -24,7 +24,8 @@ namespace System.Web.SessionState
 		static SessionConfig config;
 		static Type handlerType;
 		ISessionHandler handler;
-
+		bool read_only;
+		
 		private RandomNumberGenerator rng;
 		
 		public SessionStateModule ()
@@ -35,6 +36,11 @@ namespace System.Web.SessionState
 		internal RandomNumberGenerator Rng {
 			get { return rng; }
 		}
+
+		internal bool IsReadOnly
+		{
+			get { return read_only; }
+		}
 		
 		public void Dispose ()
 		{
@@ -110,6 +116,8 @@ namespace System.Web.SessionState
 			HttpApplication application = (HttpApplication) o;
 			HttpContext context = application.Context;
 
+			read_only = (context.Handler is IReadOnlySessionState);
+			
 			bool isNew = false;
 			if (handler != null)
 			    isNew = handler.UpdateContext (context, this);

mcs/class/System.Web/System.Web.SessionState/SessionStateServerHandler.cs

@@ -64,7 +64,7 @@ namespace System.Web.SessionState {
 					sobjs = HttpStaticObjectsCollection.FromByteArray (item.StaticObjectsData);
 					session = new HttpSessionState (id, dict, sobjs, 
 							config.Timeout, false, config.CookieLess,
-							SessionStateMode.StateServer, false);
+							SessionStateMode.StateServer, module.IsReadOnly);
 					context.SetSession (session);
 					return false;
 				}
@@ -78,12 +78,10 @@ namespace System.Web.SessionState {
 			state_server.Insert (id, item);
 
 			session = new HttpSessionState (id, dict, sobjs, config.Timeout,
-					false, config.CookieLess, SessionStateMode.StateServer, false);
+					true, config.CookieLess, SessionStateMode.StateServer, module.IsReadOnly);
 			
 			context.SetSession (session);
-			context.Session.IsNewSession = true;
-			context.Response.AppendCookie (new HttpCookie (CookieName, id));
-
+			
 			return true;
 		}