public interface Session
Session
is a stateful data context associated with a single Subject (user, daemon process,
etc) who interacts with a software system over a period of time.
A Session
is intended to be managed by the business tier and accessible via other
tiers without being tied to any given client technology. This is a great benefit to Java
systems, since until now, the only viable session mechanisms were the
javax.servlet.http.HttpSession
or Stateful Session EJB's, which many times
unnecessarily coupled applications to web or ejb technologies.Modifier and Type | Method and Description |
---|---|
Object |
getAttribute(Object key)
Returns the object bound to this session identified by the specified key.
|
Collection<Object> |
getAttributeKeys()
Returns the keys of all the attributes stored under this session.
|
String |
getHost()
Returns the host name or IP string of the host that originated this session, or
null
if the host is unknown. |
Serializable |
getId()
Returns the unique identifier assigned by the system upon session creation.
|
Date |
getLastAccessTime()
Returns the last time the application received a request or method invocation from the user associated
with this session.
|
Date |
getStartTimestamp()
Returns the time the session was started; that is, the time the system created the instance.
|
long |
getTimeout()
Returns the time in milliseconds that the session session may remain idle before expiring.
|
Object |
removeAttribute(Object key)
Removes (unbinds) the object bound to this session under the specified
key name. |
void |
setAttribute(Object key,
Object value)
Binds the specified
value to this session, uniquely identified by the specifed
key name. |
void |
setTimeout(long maxIdleTimeInMillis)
Sets the time in milliseconds that the session may remain idle before expiring.
|
void |
stop()
Explicitly stops (invalidates) this session and releases all associated resources.
|
void |
touch()
Explicitly updates the
lastAccessTime of this session to the current time when
this method is invoked. |
Serializable getId()
toString()
,
equals()
, and hashCode()
implementations. Good candidates for such
an identifier are UUID
s, Integer
s, and
String
s.Date getStartTimestamp()
Date getLastAccessTime()
touch()
long getTimeout() throws InvalidSessionException
HttpSession
's getMaxInactiveInterval()
method, the scale on
this method is different: Shiro Sessions use millisecond values for timeout whereas
HttpSession.getMaxInactiveInterval
uses seconds. Always use millisecond values with Shiro sessions.InvalidSessionException
- if the session has been stopped or expired prior to calling this method.void setTimeout(long maxIdleTimeInMillis) throws InvalidSessionException
HttpSession
's getMaxInactiveInterval()
method, the scale on
this method is different: Shiro Sessions use millisecond values for timeout whereas
HttpSession.getMaxInactiveInterval
uses seconds. Always use millisecond values with Shiro sessions.maxIdleTimeInMillis
- the time in milliseconds that the session may remain idle before expiring.InvalidSessionException
- if the session has been stopped or expired prior to calling this method.String getHost()
null
if the host is unknown.null
if the host address is unknown.void touch() throws InvalidSessionException
lastAccessTime
of this session to the current time when
this method is invoked. This method can be used to ensure a session does not time out.
Most programmers won't use this method directly and will instead rely on the last access time to be updated
automatically as a result of an incoming web request or remote procedure call/method invocation.
However, this method is particularly useful when supporting rich-client applications such as
Java Web Start appp, Java or Flash applets, etc. Although rare, it is possible in a rich-client
environment that a user continuously interacts with the client-side application without a
server-side method call ever being invoked. If this happens over a long enough period of
time, the user's server-side session could time-out. Again, such cases are rare since most
rich-clients frequently require server-side method invocations.
In this example though, the user's session might still be considered valid because
the user is actively "using" the application, just not communicating with the
server. But because no server-side method calls are invoked, there is no way for the server
to know if the user is sitting idle or not, so it must assume so to maintain session
integrity. This touch()
method could be invoked by the rich-client application code during those
times to ensure that the next time a server-side method is invoked, the invocation will not
throw an ExpiredSessionException
. In short terms, it could be used periodically
to ensure a session does not time out.
How often this rich-client "maintenance" might occur is entirely dependent upon
the application and would be based on variables such as session timeout configuration,
usage characteristics of the client application, network utilization and application server
performance.InvalidSessionException
- if this session has stopped or expired prior to calling this method.void stop() throws InvalidSessionException
Subject
that
owns this session has logged-in), calling this method explicitly might have undesired side effects:
It is common for a Subject
implementation to retain authentication state in the
Session
. If the session
is explicitly stopped by application code by calling this method directly, it could clear out any
authentication state that might exist, thereby effectively "unauthenticating" the Subject
.
As such, you might consider logging-out
the 'owning'
Subject
instead of manually calling this method, as a log out is expected to stop the
corresponding session automatically, and also allows framework code to execute additional cleanup logic.InvalidSessionException
- if this session has stopped or expired prior to calling this method.Collection<Object> getAttributeKeys() throws InvalidSessionException
InvalidSessionException
- if this session has stopped or expired prior to calling this method.Object getAttribute(Object key) throws InvalidSessionException
null
is returned.key
- the unique name of the object bound to this sessionkey
name or null
if there is
no object bound under that name.InvalidSessionException
- if this session has stopped or expired prior to calling
this method.void setAttribute(Object key, Object value) throws InvalidSessionException
value
to this session, uniquely identified by the specifed
key
name. If there is already an object bound under the key
name, that
existing object will be replaced by the new value
.
If the value
parameter is null, it has the same effect as if
removeAttribute
was called.key
- the name under which the value
object will be bound in this sessionvalue
- the object to bind in this session.InvalidSessionException
- if this session has stopped or expired prior to calling
this method.Object removeAttribute(Object key) throws InvalidSessionException
key
name.key
- the name uniquely identifying the object to removenull
if there was no object bound under the name
key
.InvalidSessionException
- if this session has stopped or expired prior to calling
this method.Copyright © 2004-2016 The Apache Software Foundation. All Rights Reserved.