From 84065e26ca4555e63a922bb29b13b0a1c86b7654 Mon Sep 17 00:00:00 2001
From: Mark Thomas <markt@apache.org>
Date: Mon, 2 Dec 2024 18:09:44 +0000
Subject: [PATCH] Add a limit of 10 attributes per session to the session
 example

---
 webapps/docs/changelog.xml                    |  4 +
 .../WEB-INF/classes/SessionExample.java       | 94 ++++++++++++-------
 2 files changed, 64 insertions(+), 34 deletions(-)

diff --git a/webapps/docs/changelog.xml b/webapps/docs/changelog.xml
index 8d3b6900f6fb..84effc445c78 100644
--- a/webapps/docs/changelog.xml
+++ b/webapps/docs/changelog.xml
@@ -254,6 +254,10 @@
         Examples. Add the ability to delete session attributes in the servlet
         session example. (markt)
       </add>
+      <add>
+        Examples. Add a hard coded limit of 10 attributes per session for the
+        servlet session example. (markt)
+      </add>
     </changelog>
   </subsection>
   <subsection name = "Other">
diff --git a/webapps/examples/WEB-INF/classes/SessionExample.java b/webapps/examples/WEB-INF/classes/SessionExample.java
index b3de2f866956..60eaa2e03e4b 100644
--- a/webapps/examples/WEB-INF/classes/SessionExample.java
+++ b/webapps/examples/WEB-INF/classes/SessionExample.java
@@ -41,6 +41,9 @@ public class SessionExample extends HttpServlet {
 
     private static final long serialVersionUID = 1L;
 
+    private static final int SESSION_ATTRIBUTE_COUNT_LIMIT = 10;
+
+
     @Override
     public void doGet(HttpServletRequest request, HttpServletResponse response) throws IOException, ServletException {
         ResourceBundle rb = ResourceBundle.getBundle("LocalStrings", request.getLocale());
@@ -76,15 +79,34 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
         out.println(rb.getString("sessions.lastaccessed") + " ");
         out.println(new Date(session.getLastAccessedTime()));
 
+        // Count the existing attributes
+        int sessionAttributeCount = 0;
+        Enumeration<String> names = session.getAttributeNames();
+        while (names.hasMoreElements()) {
+            names.nextElement();
+            sessionAttributeCount++;
+        }
+
         String dataName = request.getParameter("dataname");
         String dataValue = request.getParameter("datavalue");
         if (dataName != null) {
-            session.setAttribute(dataName, dataValue);
+            if (dataValue == null) {
+                session.removeAttribute(dataName);
+                sessionAttributeCount--;
+            } else if (sessionAttributeCount < SESSION_ATTRIBUTE_COUNT_LIMIT) {
+                session.setAttribute(dataName, dataValue);
+                sessionAttributeCount++;
+            } else {
+                out.print("<p> Session attribute [");
+                out.print(HTMLFilter.filter(dataName));
+                out.print("] not added as there are already "+ SESSION_ATTRIBUTE_COUNT_LIMIT + " attributes in the ");
+                out.println("session. Delete an attribute before adding another.");
+            }
         }
 
-        out.println("<P>");
+        out.println("<p>");
         out.println(rb.getString("sessions.data") + "<br>");
-        Enumeration<String> names = session.getAttributeNames();
+        names = session.getAttributeNames();
         while (names.hasMoreElements()) {
             String name = names.nextElement();
             String value = session.getAttribute(name).toString();
@@ -96,37 +118,41 @@ public void doGet(HttpServletRequest request, HttpServletResponse response) thro
             out.println("<br>");
         }
 
-        out.println("<P>");
-        out.print("<form action=\"");
-        out.print(response.encodeURL("SessionExample"));
-        out.print("\" ");
-        out.println("method=POST>");
-        out.println(rb.getString("sessions.dataname"));
-        out.println("<input type=text size=20 name=dataname>");
-        out.println("<br>");
-        out.println(rb.getString("sessions.datavalue"));
-        out.println("<input type=text size=20 name=datavalue>");
-        out.println("<br>");
-        out.println("<input type=submit>");
-        out.println("</form>");
-
-        out.println("<P>GET based form:<br>");
-        out.print("<form action=\"");
-        out.print(response.encodeURL("SessionExample"));
-        out.print("\" ");
-        out.println("method=GET>");
-        out.println(rb.getString("sessions.dataname"));
-        out.println("<input type=text size=20 name=dataname>");
-        out.println("<br>");
-        out.println(rb.getString("sessions.datavalue"));
-        out.println("<input type=text size=20 name=datavalue>");
-        out.println("<br>");
-        out.println("<input type=submit>");
-        out.println("</form>");
-
-        out.print("<p><a href=\"");
-        out.print(HTMLFilter.filter(response.encodeURL("SessionExample?dataname=exampleName&datavalue=exampleValue")));
-        out.println("\" >URL encoded </a>");
+        if (sessionAttributeCount < SESSION_ATTRIBUTE_COUNT_LIMIT) {
+            out.println("<p>");
+            out.print("<form action=\"");
+            out.print(response.encodeURL("SessionExample"));
+            out.print("\" ");
+            out.println("method=POST>");
+            out.println(rb.getString("sessions.dataname"));
+            out.println("<input type=text size=20 name=dataname>");
+            out.println("<br>");
+            out.println(rb.getString("sessions.datavalue"));
+            out.println("<input type=text size=20 name=datavalue>");
+            out.println("<br>");
+            out.println("<input type=submit>");
+            out.println("</form>");
+
+            out.println("<p>GET based form:<br>");
+            out.print("<form action=\"");
+            out.print(response.encodeURL("SessionExample"));
+            out.print("\" ");
+            out.println("method=GET>");
+            out.println(rb.getString("sessions.dataname"));
+            out.println("<input type=text size=20 name=dataname>");
+            out.println("<br>");
+            out.println(rb.getString("sessions.datavalue"));
+            out.println("<input type=text size=20 name=datavalue>");
+            out.println("<br>");
+            out.println("<input type=submit>");
+            out.println("</form>");
+
+            out.print("<p><a href=\"");
+            out.print(HTMLFilter.filter(response.encodeURL("SessionExample?dataname=exampleName&datavalue=exampleValue")));
+            out.println("\" >URL encoded </a>");
+        } else {
+            out.print("<p>You may not add more than " + SESSION_ATTRIBUTE_COUNT_LIMIT + " attributes to this session.");
+        }
 
         out.println("</body>");
         out.println("</html>");