1. import java.util.HashMap;
  2. import java.util.Map;
  3. import java.util.concurrent.ConcurrentHashMap;
  4. import java.util.concurrent.atomic.AtomicInteger;
  6. public class SessionCookieValidator {
  8. private static final int MAX_REQUESTS_PER_MINUTE = 100; // Rate limit
  9. private static final Map<String, AtomicInteger> requestCounts = new ConcurrentHashMap<>(); // Track requests per host
  10. private static final Map<String, Long> lastRequestTimes = new ConcurrentHashMap<>(); // Track last request time
  12. public static boolean validateSessionCookie(String requestHost, String sessionCookie) {
  14. // Get current time
  15. long currentTime = System.currentTimeMillis();
  17. // Check rate limit
  18. if (requestCounts.containsKey(requestHost)) {
  19. long lastTime = lastRequestTimes.get(requestHost);
  20. if (lastTime != null && currentTime - lastTime < 60000) { // 60000ms = 1 minute
  21. // Rate limit exceeded
  22. return false;
  23. }
  24. }
  26. // Update request count and last request time
  27. requestCounts.computeIfAbsent(requestHost, k -> new AtomicInteger(0)).incrementAndGet();
  28. lastRequestTimes.put(requestHost, currentTime);
  30. // Validate session cookie (replace with your actual validation logic)
  31. if (sessionCookie == null || sessionCookie.isEmpty()) {
  32. return false; // Invalid cookie
  33. }
  35. // Example validation: Check for specific attributes or expiration
  36. if (!sessionCookie.contains("valid_session")) {
  37. return false; // Invalid cookie format
  38. }
  40. // Reset request count after a certain time (e.g., 1 minute)
  41. // This can be done periodically in a separate thread.
  42. // For simplicity, we don't do it here.
  44. return true; // Cookie is valid
  45. }
  47. public static void main(String[] args) {
  48. // Example Usage
  49. String host = "staging.example.com";
  50. String cookie1 = "valid_session=true;other=value";
  51. String cookie2 = null;
  52. String cookie3 = "invalid_session";
  54. System.out.println("Cookie 1 is valid: " + validateSessionCookie(host, cookie1)); // Expected: true
  55. System.out.println("Cookie 2 is valid: " + validateSessionCookie(host, cookie2)); // Expected: false
  56. System.out.println("Cookie 3 is valid: " + validateSessionCookie(host, cookie3)); // Expected: false
  58. // Simulate rate limiting
  59. for (int i = 0; i < MAX_REQUESTS_PER_MINUTE + 5; i++) {
  60. System.out.println("Request " + (i + 1) + ": " + validateSessionCookie(host, cookie1));
  61. }
  62. }
  63. }

Add your comment