org.eclipse.jetty.server.session

Class Session

java.lang.Object

org.eclipse.jetty.server.session.Session

All Implemented Interfaces:

HttpSession, SessionHandler.SessionIf

Direct Known Subclasses:

AbstractSessionCache.PlaceHolderSession

public class Session
extends Object
implements SessionHandler.SessionIf

Session A heavy-weight Session object representing a HttpSession. Session objects relating to a context are kept in a SessionCache. The purpose of the SessionCache is to keep the working set of Session objects in memory so that they may be accessed quickly, and facilitate the sharing of a Session object amongst multiple simultaneous requests referring to the same session id. The SessionHandler coordinates the lifecycle of Session objects with the help of the SessionCache.

See Also:

SessionHandler, SessionIdManager

Nested Class Summary

Nested Classes

Modifier and Type	Class and Description
class	Session.SessionInactivityTimeout SessionInactivityTimeout Each Session has a timer associated with it that fires whenever it has been idle (ie not referenced by a request) for a configurable amount of time, or the Session expires.
static class	Session.State State Validity states of a session

Field Summary

Fields

Modifier and Type	Field and Description
protected String	_extendedId
protected SessionHandler	_handler
protected boolean	_idChanged
protected Locker	_lock
protected boolean	_newSession
protected long	_requests
protected boolean	_resident
protected SessionData	_sessionData
protected Session.SessionInactivityTimeout	_sessionInactivityTimer
protected Session.State	_state
static String	SESSION_CREATED_SECURE

Constructor Summary

Constructors

Constructor and Description
Session(SessionHandler handler, HttpServletRequest request, SessionData data) Create a new session
Session(SessionHandler handler, SessionData data) Re-inflate an existing session from some eg persistent store.

Method Summary

Modifier and Type	Method and Description
protected boolean	access(long time)
protected boolean	beginInvalidate()
void	bindValue(String name, Object value) Bind value if value implements HttpSessionBindingListener (calls HttpSessionBindingListener.valueBound(HttpSessionBindingEvent))
protected void	callSessionAttributeListeners(String name, Object newValue, Object oldValue) Call binding and attribute listeners based on the new and old values of the attribute.
protected void	checkLocked()
protected void	checkValidForRead() Chech that the session data can be read.
protected void	checkValidForWrite() Check that the session can be modified.
protected void	complete()
protected void	cookieSet()
void	didActivate() Call the activation listeners.
protected void	doInvalidate() Deprecated.
protected void	finishInvalidate() Call HttpSessionAttributeListeners as part of invalidating a Session.
Object	getAttribute(String name)
Enumeration<String>	getAttributeNames()
int	getAttributes()
String	getContextPath()
long	getCookieSetTime()
long	getCreationTime()
String	getExtendedId()
String	getId()
long	getLastAccessedTime()
int	getMaxInactiveInterval()
Set<String>	getNames()
long	getRequests() Returns the current number of requests that are active in the Session.
ServletContext	getServletContext()
Session	getSession()
HttpSessionContext	getSessionContext() Deprecated.
protected SessionData	getSessionData()
SessionHandler	getSessionHandler()
Object	getValue(String name) Deprecated.
String[]	getValueNames() Deprecated. As of Version 2.2, this method is replaced by getAttributeNames()
String	getVHost()
void	invalidate() Called by users to invalidate a session, or called by the access method as a request enters the session if the session has expired, or called by manager as a result of scavenger expiring session
protected boolean	isExpiredAt(long time) Check to see if session has expired as at the time given.
boolean	isIdChanged()
protected boolean	isIdleLongerThan(int sec) Check if the Session has been idle longer than a number of seconds.
boolean	isNew()
boolean	isResident()
boolean	isValid()
Locker.Lock	lock() Grab the lock on the session
Locker.Lock	lockIfNotHeld() Grab the lock on the session if it isn't locked already
void	putValue(String name, Object value) Deprecated.
void	removeAttribute(String name)
void	removeValue(String name) Deprecated.
void	renewId(HttpServletRequest request) Force a change to the id of a session.
void	setAttribute(String name, Object value)
void	setExtendedId(String extendedId)
void	setIdChanged(boolean changed)
void	setMaxInactiveInterval(int secs)
void	setResident(boolean resident)
void	stopInactivityTimer()
void	unbindValue(String name, Object value) Unbind value if value implements HttpSessionBindingListener (calls HttpSessionBindingListener.valueUnbound(HttpSessionBindingEvent))
void	updateInactivityTimer() Set the inactivity timer to the smaller of the session maxInactivity (ie session-timeout from web.xml), or the inactive eviction time.
void	willPassivate() Call the passivation listeners.

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Field Detail

SESSION_CREATED_SECURE

public static final String SESSION_CREATED_SECURE

See Also:

Constant Field Values

_sessionData

protected SessionData _sessionData

_handler

protected SessionHandler _handler

_extendedId

protected String _extendedId

_requests

protected long _requests

_idChanged

protected boolean _idChanged

_newSession

protected boolean _newSession

_state

protected Session.State _state

_lock

protected Locker _lock

_resident

protected boolean _resident

_sessionInactivityTimer

protected Session.SessionInactivityTimeout _sessionInactivityTimer

Constructor Detail

Session

public Session(SessionHandler handler,
               HttpServletRequest request,
               SessionData data)

Create a new session

Parameters:

handler - the SessionHandler that manages this session

request - the request the session should be based on

data - the session data

Session

public Session(SessionHandler handler,
               SessionData data)

Re-inflate an existing session from some eg persistent store.

Parameters:

handler - the SessionHandler managing the session

data - the session data

Method Detail

getRequests

public long getRequests()

Returns the current number of requests that are active in the Session.

Returns:

the number of active requests for this session

setExtendedId

public void setExtendedId(String extendedId)

cookieSet

protected void cookieSet()

access

protected boolean access(long time)

complete

protected void complete()

isExpiredAt

protected boolean isExpiredAt(long time)

Check to see if session has expired as at the time given.

Parameters:

time - the time since the epoch in ms

Returns:

true if expired

isIdleLongerThan

protected boolean isIdleLongerThan(int sec)

Check if the Session has been idle longer than a number of seconds.

Parameters:

sec - the number of seconds

Returns:

true if the session has been idle longer than the interval

callSessionAttributeListeners

protected void callSessionAttributeListeners(String name,
                                             Object newValue,
                                             Object oldValue)

Call binding and attribute listeners based on the new and old values of the attribute.

Parameters:

name - name of the attribute

newValue - new value of the attribute

oldValue - previous value of the attribute

unbindValue

public void unbindValue(String name,
                        Object value)

Unbind value if value implements HttpSessionBindingListener (calls HttpSessionBindingListener.valueUnbound(HttpSessionBindingEvent))

Parameters:

name - the name with which the object is bound or unbound

value - the bound value

bindValue

public void bindValue(String name,
                      Object value)

Bind value if value implements HttpSessionBindingListener (calls HttpSessionBindingListener.valueBound(HttpSessionBindingEvent))

Parameters:

name - the name with which the object is bound or unbound

value - the bound value

didActivate

public void didActivate()

Call the activation listeners. This must be called holding the lock.

willPassivate

public void willPassivate()

Call the passivation listeners. This must be called holding the lock

isValid

public boolean isValid()

getCookieSetTime

public long getCookieSetTime()

getCreationTime

public long getCreationTime()
                     throws IllegalStateException

Specified by:

getCreationTime in interface HttpSession

Throws:

IllegalStateException

getId

public String getId()

Specified by:

getId in interface HttpSession

See Also:

HttpSession.getId()

getExtendedId

public String getExtendedId()

getContextPath

public String getContextPath()

getVHost

public String getVHost()

getLastAccessedTime

public long getLastAccessedTime()

Specified by:

getLastAccessedTime in interface HttpSession

See Also:

HttpSession.getLastAccessedTime()

getServletContext

public ServletContext getServletContext()

Specified by:

getServletContext in interface HttpSession

See Also:

HttpSession.getServletContext()

setMaxInactiveInterval

public void setMaxInactiveInterval(int secs)

Specified by:

setMaxInactiveInterval in interface HttpSession

See Also:

HttpSession.setMaxInactiveInterval(int)

updateInactivityTimer

public void updateInactivityTimer()

Set the inactivity timer to the smaller of the session maxInactivity (ie session-timeout from web.xml), or the inactive eviction time.

stopInactivityTimer

public void stopInactivityTimer()

getMaxInactiveInterval

public int getMaxInactiveInterval()

Specified by:

getMaxInactiveInterval in interface HttpSession

See Also:

HttpSession.getMaxInactiveInterval()

getSessionContext

@Deprecated
public HttpSessionContext getSessionContext()

Deprecated.

Specified by:

getSessionContext in interface HttpSession

See Also:

HttpSession.getSessionContext()

getSessionHandler

public SessionHandler getSessionHandler()

checkValidForWrite

protected void checkValidForWrite()
                           throws IllegalStateException

Check that the session can be modified.

Throws:

IllegalStateException - if the session is invalid

checkValidForRead

protected void checkValidForRead()
                          throws IllegalStateException

Chech that the session data can be read.

Throws:

IllegalStateException - if the session is invalid

checkLocked

protected void checkLocked()
                    throws IllegalStateException

Throws:

IllegalStateException

getAttribute

public Object getAttribute(String name)

Specified by:

getAttribute in interface HttpSession

See Also:

HttpSession.getAttribute(java.lang.String)

getValue

@Deprecated
public Object getValue(String name)

Deprecated.

Specified by:

getValue in interface HttpSession

See Also:

HttpSession.getValue(java.lang.String)

getAttributeNames

public Enumeration<String> getAttributeNames()

Specified by:

getAttributeNames in interface HttpSession

See Also:

HttpSession.getAttributeNames()

getAttributes

public int getAttributes()

getNames

public Set<String> getNames()

getValueNames

@Deprecated
public String[] getValueNames()
                                   throws IllegalStateException

Deprecated. As of Version 2.2, this method is replaced by getAttributeNames()

Specified by:

getValueNames in interface HttpSession

Throws:

IllegalStateException

setAttribute

public void setAttribute(String name,
                         Object value)

Specified by:

setAttribute in interface HttpSession

See Also:

HttpSession.setAttribute(java.lang.String, java.lang.Object)

putValue

@Deprecated
public void putValue(String name,
                                 Object value)

Deprecated.

Specified by:

putValue in interface HttpSession

See Also:

HttpSession.putValue(java.lang.String, java.lang.Object)

removeAttribute

public void removeAttribute(String name)

Specified by:

removeAttribute in interface HttpSession

See Also:

HttpSession.removeAttribute(java.lang.String)

removeValue

@Deprecated
public void removeValue(String name)

Deprecated.

Specified by:

removeValue in interface HttpSession

See Also:

HttpSession.removeValue(java.lang.String)

renewId

public void renewId(HttpServletRequest request)

Force a change to the id of a session.

Parameters:

request - the Request associated with the call to change id.

invalidate

public void invalidate()

Called by users to invalidate a session, or called by the access method as a request enters the session if the session has expired, or called by manager as a result of scavenger expiring session

Specified by:

invalidate in interface HttpSession

See Also:

HttpSession.invalidate()

lock

public Locker.Lock lock()

Grab the lock on the session

Returns:

the lock

lockIfNotHeld

public Locker.Lock lockIfNotHeld()

Grab the lock on the session if it isn't locked already

Returns:

the lock

beginInvalidate

protected boolean beginInvalidate()

Returns:

true if the session is not already invalid or being invalidated.

doInvalidate

@Deprecated
protected void doInvalidate()
                                 throws IllegalStateException

Deprecated.

Call HttpSessionAttributeListeners as part of invalidating a Session.

Throws:

IllegalStateException

finishInvalidate

protected void finishInvalidate()
                         throws IllegalStateException

Call HttpSessionAttributeListeners as part of invalidating a Session.

Throws:

IllegalStateException

isNew

public boolean isNew()
              throws IllegalStateException

Specified by:

isNew in interface HttpSession

Throws:

IllegalStateException

setIdChanged

public void setIdChanged(boolean changed)

isIdChanged

public boolean isIdChanged()

getSession

public Session getSession()

Specified by:

getSession in interface SessionHandler.SessionIf

getSessionData

protected SessionData getSessionData()

setResident

public void setResident(boolean resident)

isResident

public boolean isResident()