org.apache.catalina.session

Class StandardSession

public class StandardSession extends Object implements HttpSession, Session, Serializable

Standard implementation of the Session interface. This object is serializable, so that it can be stored in persistent storage or transferred to a different JVM for distributable session support.

IMPLEMENTATION NOTE: An instance of this class represents both the internal (Session) and application level (HttpSession) view of the session. However, because the class itself is not declared public, Java logic outside of the org.apache.catalina.session package cannot cast an HttpSession view of this instance back to a Session view.

IMPLEMENTATION NOTE: If you add fields to this class, you must make sure that you carry them over in the read/writeObject methods so that this class is properly serialized.

Version: $Revision: 900131 $ $Date: 2010-01-17 13:46:53 +0100 (Sun, 17 Jan 2010) $

Author: Craig R. McClanahan Sean Legassick Jon S. Stevens

Field Summary
protected static booleanACTIVITY_CHECK
protected AtomicIntegeraccessCount
The access count for this session.
protected Mapattributes
The collection of user data attributes associated with this Session.
protected StringauthType
The authentication type used to authenticate our cached Principal, if any.
protected longcreationTime
The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.
protected static String[]excludedAttributes
Set of attribute names which are not allowed to be persisted.
protected booleanexpiring
We are currently processing a session expiration, so bypass certain IllegalStateException tests.
protected static String[]EMPTY_ARRAY
Type array.
protected StandardSessionFacadefacade
The facade associated with this session.
protected Stringid
The session identifier of this Session.
protected static Stringinfo
Descriptive information describing this Session implementation.
protected booleanisNew
Flag indicating whether this session is new or not.
protected booleanisValid
Flag indicating whether this session is valid or not.
protected longlastAccessedTime
The last accessed time for this Session.
protected ArrayListlisteners
The session event listeners for this Session.
protected Managermanager
The Manager with which this Session is associated.
protected intmaxInactiveInterval
The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session.
protected Mapnotes
Internal notes associated with this session by Catalina components and event listeners.
protected static StringNOT_SERIALIZED
The dummy attribute value serialized when a NotSerializableException is encountered in writeObject().
protected Principalprincipal
The authenticated Principal associated with this session, if any.
protected static HttpSessionContextsessionContext
The HTTP session context associated with this session.
protected static StringManagersm
The string manager for this package.
protected PropertyChangeSupportsupport
The property change support for this component.
protected longthisAccessedTime
The current accessed time for this session.
Constructor Summary
StandardSession(Manager manager)
Construct a new Session associated with the specified Manager.
Method Summary
voidaccess()
Update the accessed time information for this session.
voidactivate()
Perform internal processing required to activate this session.
voidaddSessionListener(SessionListener listener)
Add a session event listener to this component.
voidendAccess()
End the access.
protected booleanexclude(String name)
Exclude attribute that cannot be serialized.
voidexpire()
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
voidexpire(boolean notify)
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
protected voidfireContainerEvent(Context context, String type, Object data)
Fire container events if the Context implementation is the org.apache.catalina.core.StandardContext.
voidfireSessionEvent(String type, Object data)
Notify all session event listeners that a particular event has occurred for this Session.
ObjectgetAttribute(String name)
Return the object bound with the specified name in this session, or null if no object is bound with that name.
EnumerationgetAttributeNames()
Return an Enumeration of String objects containing the names of the objects bound to this session.
StringgetAuthType()
Return the authentication type used to authenticate our cached Principal, if any.
longgetCreationTime()
Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT.
StringgetId()
Return the session identifier for this session.
StringgetIdInternal()
Return the session identifier for this session.
StringgetInfo()
Return descriptive information about this Session implementation and the corresponding version number, in the format <description>/<version>.
longgetLastAccessedTime()
Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT.
longgetLastAccessedTimeInternal()
Return the last client access time without invalidation check
ManagergetManager()
Return the Manager within which this Session is valid.
intgetMaxInactiveInterval()
Return the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session.
ObjectgetNote(String name)
Return the object bound with the specified name to the internal notes for this session, or null if no such binding exists.
IteratorgetNoteNames()
Return an Iterator containing the String names of all notes bindings that exist for this session.
PrincipalgetPrincipal()
Return the authenticated Principal that is associated with this Session.
ServletContextgetServletContext()
Return the ServletContext to which this session belongs.
HttpSessiongetSession()
Return the HttpSession for which this object is the facade.
HttpSessionContextgetSessionContext()
Return the session context with which this session is associated.
ObjectgetValue(String name)
Return the object bound with the specified name in this session, or null if no object is bound with that name.
String[]getValueNames()
Return the set of names of objects bound to this session.
voidinvalidate()
Invalidates this session and unbinds any objects bound to it.
booleanisNew()
Return true if the client does not yet know about the session, or if the client chooses not to join the session.
booleanisValid()
Return the isValid flag for this session.
protected booleanisValidInternal()
Return the isValid flag for this session without any expiration check.
protected String[]keys()
Return the names of all currently defined session attributes as an array of Strings.
voidpassivate()
Perform the internal processing required to passivate this session.
voidputValue(String name, Object value)
Bind an object to this session, using the specified name.
protected voidreadObject(ObjectInputStream stream)
Read a serialized version of this session object from the specified object input stream.
voidreadObjectData(ObjectInputStream stream)
Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.
voidrecycle()
Release all object references, and initialize instance variables, in preparation for reuse of this object.
voidremoveAttribute(String name)
Remove the object bound with the specified name from this session.
voidremoveAttribute(String name, boolean notify)
Remove the object bound with the specified name from this session.
protected voidremoveAttributeInternal(String name, boolean notify)
Remove the object bound with the specified name from this session.
voidremoveNote(String name)
Remove any object bound to the specified name in the internal notes for this session.
voidremoveSessionListener(SessionListener listener)
Remove a session event listener from this component.
voidremoveValue(String name)
Remove the object bound with the specified name from this session.
voidsetAttribute(String name, Object value)
Bind an object to this session, using the specified name.
voidsetAttribute(String name, Object value, boolean notify)
Bind an object to this session, using the specified name.
voidsetAuthType(String authType)
Set the authentication type used to authenticate our cached Principal, if any.
voidsetCreationTime(long time)
Set the creation time for this session.
voidsetId(String id)
Set the session identifier for this session.
voidsetManager(Manager manager)
Set the Manager within which this Session is valid.
voidsetMaxInactiveInterval(int interval)
Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session.
voidsetNew(boolean isNew)
Set the isNew flag for this session.
voidsetNote(String name, Object value)
Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
voidsetPrincipal(Principal principal)
Set the authenticated Principal that is associated with this Session.
voidsetValid(boolean isValid)
Set the isValid flag for this session.
voidtellNew()
Inform the listeners about the new session.
StringtoString()
Return a string representation of this object.
protected voidwriteObject(ObjectOutputStream stream)
Write a serialized version of this session object to the specified object output stream.
voidwriteObjectData(ObjectOutputStream stream)
Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.

Field Detail

ACTIVITY_CHECK

protected static final boolean ACTIVITY_CHECK

accessCount

protected transient AtomicInteger accessCount
The access count for this session.

attributes

protected Map attributes
The collection of user data attributes associated with this Session.

authType

protected transient String authType
The authentication type used to authenticate our cached Principal, if any. NOTE: This value is not included in the serialized version of this object.

creationTime

protected long creationTime
The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.

excludedAttributes

protected static final String[] excludedAttributes
Set of attribute names which are not allowed to be persisted.

expiring

protected transient volatile boolean expiring
We are currently processing a session expiration, so bypass certain IllegalStateException tests. NOTE: This value is not included in the serialized version of this object.

EMPTY_ARRAY

protected static final String[] EMPTY_ARRAY
Type array.

facade

protected transient StandardSessionFacade facade
The facade associated with this session. NOTE: This value is not included in the serialized version of this object.

id

protected String id
The session identifier of this Session.

info

protected static final String info
Descriptive information describing this Session implementation.

isNew

protected boolean isNew
Flag indicating whether this session is new or not.

isValid

protected volatile boolean isValid
Flag indicating whether this session is valid or not.

lastAccessedTime

protected volatile long lastAccessedTime
The last accessed time for this Session.

listeners

protected transient ArrayList listeners
The session event listeners for this Session.

manager

protected transient Manager manager
The Manager with which this Session is associated.

maxInactiveInterval

protected int maxInactiveInterval
The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session. A negative time indicates that the session should never time out.

notes

protected transient Map notes
Internal notes associated with this session by Catalina components and event listeners. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!

NOT_SERIALIZED

protected static final String NOT_SERIALIZED
The dummy attribute value serialized when a NotSerializableException is encountered in writeObject().

principal

protected transient Principal principal
The authenticated Principal associated with this session, if any. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!

sessionContext

protected static HttpSessionContext sessionContext
The HTTP session context associated with this session.

sm

protected static StringManager sm
The string manager for this package.

support

protected transient PropertyChangeSupport support
The property change support for this component. NOTE: This value is not included in the serialized version of this object.

thisAccessedTime

protected volatile long thisAccessedTime
The current accessed time for this session.

Constructor Detail

StandardSession

public StandardSession(Manager manager)
Construct a new Session associated with the specified Manager.

Parameters: manager The manager with which this Session is associated

Method Detail

access

public void access()
Update the accessed time information for this session. This method should be called by the context when a request comes in for a particular session, even if the application does not reference it.

activate

public void activate()
Perform internal processing required to activate this session.

addSessionListener

public void addSessionListener(SessionListener listener)
Add a session event listener to this component.

endAccess

public void endAccess()
End the access.

exclude

protected boolean exclude(String name)
Exclude attribute that cannot be serialized.

Parameters: name the attribute's name

expire

public void expire()
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.

expire

public void expire(boolean notify)
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.

Parameters: notify Should we notify listeners about the demise of this session?

fireContainerEvent

protected void fireContainerEvent(Context context, String type, Object data)
Fire container events if the Context implementation is the org.apache.catalina.core.StandardContext.

Parameters: context Context for which to fire events type Event type data Event data

Throws: Exception occurred during event firing

fireSessionEvent

public void fireSessionEvent(String type, Object data)
Notify all session event listeners that a particular event has occurred for this Session. The default implementation performs this notification synchronously using the calling thread.

Parameters: type Event type data Event data

getAttribute

public Object getAttribute(String name)
Return the object bound with the specified name in this session, or null if no object is bound with that name.

Parameters: name Name of the attribute to be returned

Throws: IllegalStateException if this method is called on an invalidated session

getAttributeNames

public Enumeration getAttributeNames()
Return an Enumeration of String objects containing the names of the objects bound to this session.

Throws: IllegalStateException if this method is called on an invalidated session

getAuthType

public String getAuthType()
Return the authentication type used to authenticate our cached Principal, if any.

getCreationTime

public long getCreationTime()
Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT.

Throws: IllegalStateException if this method is called on an invalidated session

getId

public String getId()
Return the session identifier for this session.

getIdInternal

public String getIdInternal()
Return the session identifier for this session.

getInfo

public String getInfo()
Return descriptive information about this Session implementation and the corresponding version number, in the format <description>/<version>.

getLastAccessedTime

public long getLastAccessedTime()
Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time.

getLastAccessedTimeInternal

public long getLastAccessedTimeInternal()
Return the last client access time without invalidation check

See Also: .

getManager

public Manager getManager()
Return the Manager within which this Session is valid.

getMaxInactiveInterval

public int getMaxInactiveInterval()
Return the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session. A negative time indicates that the session should never time out.

getNote

public Object getNote(String name)
Return the object bound with the specified name to the internal notes for this session, or null if no such binding exists.

Parameters: name Name of the note to be returned

getNoteNames

public Iterator getNoteNames()
Return an Iterator containing the String names of all notes bindings that exist for this session.

getPrincipal

public Principal getPrincipal()
Return the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request. If there is no current associated Principal, return null.

getServletContext

public ServletContext getServletContext()
Return the ServletContext to which this session belongs.

getSession

public HttpSession getSession()
Return the HttpSession for which this object is the facade.

getSessionContext

public HttpSessionContext getSessionContext()

Deprecated: As of Version 2.1, this method is deprecated and has no replacement. It will be removed in a future version of the Java Servlet API.

Return the session context with which this session is associated.

getValue

public Object getValue(String name)

Deprecated: As of Version 2.2, this method is replaced by getAttribute()

Return the object bound with the specified name in this session, or null if no object is bound with that name.

Parameters: name Name of the value to be returned

Throws: IllegalStateException if this method is called on an invalidated session

getValueNames

public String[] getValueNames()

Deprecated: As of Version 2.2, this method is replaced by getAttributeNames()

Return the set of names of objects bound to this session. If there are no such objects, a zero-length array is returned.

Throws: IllegalStateException if this method is called on an invalidated session

invalidate

public void invalidate()
Invalidates this session and unbinds any objects bound to it.

Throws: IllegalStateException if this method is called on an invalidated session

isNew

public boolean isNew()
Return true if the client does not yet know about the session, or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client has disabled the use of cookies, then a session would be new on each request.

Throws: IllegalStateException if this method is called on an invalidated session

isValid

public boolean isValid()
Return the isValid flag for this session.

isValidInternal

protected boolean isValidInternal()
Return the isValid flag for this session without any expiration check.

keys

protected String[] keys()
Return the names of all currently defined session attributes as an array of Strings. If there are no defined attributes, a zero-length array is returned.

passivate

public void passivate()
Perform the internal processing required to passivate this session.

putValue

public void putValue(String name, Object value)

Deprecated: As of Version 2.2, this method is replaced by setAttribute()

Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

Parameters: name Name to which the object is bound, cannot be null value Object to be bound, cannot be null

Throws: IllegalStateException if this method is called on an invalidated session

readObject

protected void readObject(ObjectInputStream stream)
Read a serialized version of this session object from the specified object input stream.

IMPLEMENTATION NOTE: The reference to the owning Manager is not restored by this method, and must be set explicitly.

Parameters: stream The input stream to read from

Throws: ClassNotFoundException if an unknown class is specified IOException if an input/output error occurs

readObjectData

public void readObjectData(ObjectInputStream stream)
Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.

Parameters: stream The object input stream to read from

Throws: ClassNotFoundException if an unknown class is specified IOException if an input/output error occurs

recycle

public void recycle()
Release all object references, and initialize instance variables, in preparation for reuse of this object.

removeAttribute

public void removeAttribute(String name)
Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters: name Name of the object to remove from this session.

Throws: IllegalStateException if this method is called on an invalidated session

removeAttribute

public void removeAttribute(String name, boolean notify)
Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters: name Name of the object to remove from this session. notify Should we notify interested listeners that this attribute is being removed?

Throws: IllegalStateException if this method is called on an invalidated session

removeAttributeInternal

protected void removeAttributeInternal(String name, boolean notify)
Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters: name Name of the object to remove from this session. notify Should we notify interested listeners that this attribute is being removed?

removeNote

public void removeNote(String name)
Remove any object bound to the specified name in the internal notes for this session.

Parameters: name Name of the note to be removed

removeSessionListener

public void removeSessionListener(SessionListener listener)
Remove a session event listener from this component.

removeValue

public void removeValue(String name)

Deprecated: As of Version 2.2, this method is replaced by removeAttribute()

Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters: name Name of the object to remove from this session.

Throws: IllegalStateException if this method is called on an invalidated session

setAttribute

public void setAttribute(String name, Object value)
Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

Parameters: name Name to which the object is bound, cannot be null value Object to be bound, cannot be null

Throws: IllegalArgumentException if an attempt is made to add a non-serializable object in an environment marked distributable. IllegalStateException if this method is called on an invalidated session

setAttribute

public void setAttribute(String name, Object value, boolean notify)
Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

Parameters: name Name to which the object is bound, cannot be null value Object to be bound, cannot be null notify whether to notify session listeners

Throws: IllegalArgumentException if an attempt is made to add a non-serializable object in an environment marked distributable. IllegalStateException if this method is called on an invalidated session

setAuthType

public void setAuthType(String authType)
Set the authentication type used to authenticate our cached Principal, if any.

Parameters: authType The new cached authentication type

setCreationTime

public void setCreationTime(long time)
Set the creation time for this session. This method is called by the Manager when an existing Session instance is reused.

Parameters: time The new creation time

setId

public void setId(String id)
Set the session identifier for this session.

Parameters: id The new session identifier

setManager

public void setManager(Manager manager)
Set the Manager within which this Session is valid.

Parameters: manager The new Manager

setMaxInactiveInterval

public void setMaxInactiveInterval(int interval)
Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session. A negative time indicates that the session should never time out.

Parameters: interval The new maximum interval

setNew

public void setNew(boolean isNew)
Set the isNew flag for this session.

Parameters: isNew The new value for the isNew flag

setNote

public void setNote(String name, Object value)
Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.

Parameters: name Name to which the object should be bound value Object to be bound to the specified name

setPrincipal

public void setPrincipal(Principal principal)
Set the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request.

Parameters: principal The new Principal, or null if none

setValid

public void setValid(boolean isValid)
Set the isValid flag for this session.

Parameters: isValid The new value for the isValid flag

tellNew

public void tellNew()
Inform the listeners about the new session.

toString

public String toString()
Return a string representation of this object.

writeObject

protected void writeObject(ObjectOutputStream stream)
Write a serialized version of this session object to the specified object output stream.

IMPLEMENTATION NOTE: The owning Manager will not be stored in the serialized representation of this Session. After calling readObject(), you must set the associated Manager explicitly.

IMPLEMENTATION NOTE: Any attribute that is not Serializable will be unbound from the session, with appropriate actions if it implements HttpSessionBindingListener. If you do not want any such attributes, be sure the distributable property of the associated Manager is set to true.

Parameters: stream The output stream to write to

Throws: IOException if an input/output error occurs

writeObjectData

public void writeObjectData(ObjectOutputStream stream)
Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.

Parameters: stream The object output stream to write to

Throws: IOException if an input/output error occurs

Copyright © 2000-2011 Apache Software Foundation. All Rights Reserved.