Use separate identifier for push connections (#9150)

By using a separate id we can avoid sending the sessions
CSRF token as a GET parameter when initializing a push connection.

Cherry-picked from #8700 to the 7.7 branch.

1 files changed, 9 insertions, 0 deletions

diff --git a/shared/src/main/java/com/vaadin/shared/ApplicationConstants.java b/shared/src/main/java/com/vaadin/shared/ApplicationConstants.java
index 8ce9cef2d5..2a2d4c8ccb 100644
--- a/shared/src/main/java/com/vaadin/shared/ApplicationConstants.java
+++ b/shared/src/main/java/com/vaadin/shared/ApplicationConstants.java
@@ -49,6 +49,8 @@ public class ApplicationConstants implements Serializable {
 
     public static final String UIDL_SECURITY_TOKEN_ID = "Vaadin-Security-Key";
 
+    public static final String UIDL_PUSH_ID = "Vaadin-Push-ID";
+
     @Deprecated
     public static final String UPDATE_VARIABLE_INTERFACE = "v";
     @Deprecated
@@ -109,6 +111,13 @@ public class ApplicationConstants implements Serializable {
     public static final String CSRF_TOKEN_PARAMETER = "v-csrfToken";
 
     /**
+     * Name of the parameter used to transmit the push connection identifier.
+     *
+     * @since 7.7.11
+     */
+    public static final String PUSH_ID_PARAMETER = "v-pushId";
+
+    /**
      * The name of the parameter used to transmit RPC invocations
      *
      * @since 7.2