org.apache.catalina.session

Class StandardSession

Implemented Interfaces:
HttpSession, Serializable, Session

public class StandardSession
extends java.lang.Object
implements HttpSession, Session, Serializable

Standard implementation of the Session interface. This object is serializable, so that it can be stored in persistent storage or transferred to a different JVM for distributable session support.

IMPLEMENTATION NOTE: An instance of this class represents both the internal (Session) and application level (HttpSession) view of the session. However, because the class itself is not declared public, Java logic outside of the org.apache.catalina.session package cannot cast an HttpSession view of this instance back to a Session view.

IMPLEMENTATION NOTE: If you add fields to this class, you must make sure that you carry them over in the read/writeObject methods so that this class is properly serialized.

Please note two sessions are only considered equal if they are "reference-equal." There is no equals() method implementation.

Version:
$Revision: 1.44.2.2 $ $Date: 2004/11/18 22:13:36 $

Authors:
Craig R. McClanahan
Sean Legassick
Jon S. Stevens

Field Summary

protected static String[]
EMPTY_ARRAY
Type array.
protected static String
NOT_SERIALIZED
The dummy attribute value serialized when a NotSerializableException is encountered in writeObject().
protected int
accessCount
The access count for this session.
protected HashMap
attributes
The collection of user data attributes associated with this Session.
protected String
authType
The authentication type used to authenticate our cached Principal, if any.
protected Method
containerEventMethod
The java.lang.Method for the fireContainerEvent() method of the org.apache.catalina.core.StandardContext method, if our Context implementation is of this class.
protected static Class[]
containerEventTypes
The method signature for the fireContainerEvent method.
protected long
creationTime
The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.
protected int
debug
The debugging detail level for this component.
protected boolean
expiring
We are currently processing a session expiration, so bypass certain IllegalStateException tests.
protected StandardSessionFacade
facade
The facade associated with this session.
protected String
id
The session identifier of this Session.
protected static String
info
Descriptive information describing this Session implementation.
protected boolean
isNew
Flag indicating whether this session is new or not.
protected boolean
isValid
Flag indicating whether this session is valid or not.
protected long
lastAccessedTime
The last accessed time for this Session.
protected ArrayList
listeners
The session event listeners for this Session.
protected Manager
manager
The Manager with which this Session is associated.
protected int
maxInactiveInterval
The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session.
protected HashMap
notes
Internal notes associated with this session by Catalina components and event listeners.
protected Principal
principal
The authenticated Principal associated with this session, if any.
protected static HttpSessionContext
sessionContext
The HTTP session context associated with this session.
protected static StringManager
sm
The string manager for this package.
protected PropertyChangeSupport
support
The property change support for this component.
protected long
thisAccessedTime
The current accessed time for this session.

Fields inherited from interface org.apache.catalina.Session

SESSION_CREATED_EVENT, SESSION_DESTROYED_EVENT

Constructor Summary

StandardSession(Manager manager)
Construct a new Session associated with the specified Manager.

Method Summary

void
access()
Update the accessed time information for this session.
void
activate()
Perform internal processing required to activate this session.
void
addSessionListener(SessionListener listener)
Add a session event listener to this component.
void
endAccess()
End the access.
protected void
evaluateIfValid()
protected boolean
exclude(String name)
Exclude attribute that cannot be serialized.
void
expire()
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
void
expire(boolean notify)
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
protected void
fireContainerEvent(Context context, String type, Object data)
Fire container events if the Context implementation is the org.apache.catalina.core.StandardContext.
void
fireSessionEvent(String type, Object data)
Notify all session event listeners that a particular event has occurred for this Session.
Object
getAttribute(String name)
Return the object bound with the specified name in this session, or null if no object is bound with that name.
protected Object
getAttributeInternal(String name)
Return the value of an attribute without a check for validity.
Enumeration
getAttributeNames()
Return an Enumeration of String objects containing the names of the objects bound to this session.
String
getAuthType()
Return the authentication type used to authenticate our cached Principal, if any.
long
getCreationTime()
Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT.
String
getId()
Return the session identifier for this session.
String
getInfo()
Return descriptive information about this Session implementation and the corresponding version number, in the format <description>/<version>.
long
getLastAccessedTime()
Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT.
Manager
getManager()
Return the Manager within which this Session is valid.
int
getMaxInactiveInterval()
Return the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session.
Object
getNote(String name)
Return the object bound with the specified name to the internal notes for this session, or null if no such binding exists.
Iterator
getNoteNames()
Return an Iterator containing the String names of all notes bindings that exist for this session.
Principal
getPrincipal()
Return the authenticated Principal that is associated with this Session.
ServletContext
getServletContext()
Return the ServletContext to which this session belongs.
HttpSession
getSession()
Return the HttpSession for which this object is the facade.
HttpSessionContext
getSessionContext()
Deprecated. As of Version 2.1, this method is deprecated and has no replacement.
Object
getValue(String name)
Deprecated. As of Version 2.2, this method is replaced by getAttribute()
String[]
getValueNames()
Deprecated. As of Version 2.2, this method is replaced by getAttributeNames()
void
invalidate()
Invalidates this session and unbinds any objects bound to it.
boolean
isNew()
Return true if the client does not yet know about the session, or if the client chooses not to join the session.
boolean
isValid()
Return the isValid flag for this session.
protected String[]
keys()
Return the names of all currently defined session attributes as an array of Strings.
protected void
log(String message)
Log a message on the Logger associated with our Manager (if any).
protected void
log(String message, Throwable throwable)
Log a message on the Logger associated with our Manager (if any).
void
passivate()
Perform the internal processing required to passivate this session.
void
putValue(String name, Object value)
Deprecated. As of Version 2.2, this method is replaced by setAttribute()
protected void
readObject(ObjectInputStream stream)
Read a serialized version of this session object from the specified object input stream.
void
readObjectData(ObjectInputStream stream)
Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.
void
recycle()
Release all object references, and initialize instance variables, in preparation for reuse of this object.
void
removeAttribute(String name)
Remove the object bound with the specified name from this session.
void
removeAttribute(String name, boolean notify)
Remove the object bound with the specified name from this session.
protected void
removeAttributeInternal(String name, boolean notify)
Remove the object bound with the specified name from this session.
void
removeNote(String name)
Remove any object bound to the specified name in the internal notes for this session.
void
removeSessionListener(SessionListener listener)
Remove a session event listener from this component.
void
removeValue(String name)
Deprecated. As of Version 2.2, this method is replaced by removeAttribute()
void
setAttribute(String name, Object value)
Bind an object to this session, using the specified name.
void
setAuthType(String authType)
Set the authentication type used to authenticate our cached Principal, if any.
void
setCreationTime(long time)
Set the creation time for this session.
void
setId(String id)
Set the session identifier for this session.
void
setManager(Manager manager)
Set the Manager within which this Session is valid.
void
setMaxInactiveInterval(int interval)
Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session.
void
setNew(boolean isNew)
Set the isNew flag for this session.
void
setNote(String name, Object value)
Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
void
setPrincipal(Principal principal)
Set the authenticated Principal that is associated with this Session.
void
setValid(boolean isValid)
Set the isValid flag for this session.
void
tellNew()
Inform the listeners about the new session.
String
toString()
Return a string representation of this object.
protected void
writeObject(ObjectOutputStream stream)
Write a serialized version of this session object to the specified object output stream.
void
writeObjectData(ObjectOutputStream stream)
Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.

Field Details

EMPTY_ARRAY

protected static final String[] EMPTY_ARRAY
Type array.


NOT_SERIALIZED

protected static final String NOT_SERIALIZED
The dummy attribute value serialized when a NotSerializableException is encountered in writeObject().


accessCount

protected int accessCount
The access count for this session.


attributes

protected HashMap attributes
The collection of user data attributes associated with this Session.


authType

protected String authType
The authentication type used to authenticate our cached Principal, if any. NOTE: This value is not included in the serialized version of this object.


containerEventMethod

protected Method containerEventMethod
The java.lang.Method for the fireContainerEvent() method of the org.apache.catalina.core.StandardContext method, if our Context implementation is of this class. This value is computed dynamically the first time it is needed, or after a session reload (since it is declared transient).


containerEventTypes

protected static final Class[] containerEventTypes
The method signature for the fireContainerEvent method.


creationTime

protected long creationTime
The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.


debug

protected int debug
The debugging detail level for this component. NOTE: This value is not included in the serialized version of this object.


expiring

protected boolean expiring
We are currently processing a session expiration, so bypass certain IllegalStateException tests. NOTE: This value is not included in the serialized version of this object.


facade

protected StandardSessionFacade facade
The facade associated with this session. NOTE: This value is not included in the serialized version of this object.


id

protected String id
The session identifier of this Session.


info

protected static final String info
Descriptive information describing this Session implementation.


isNew

protected boolean isNew
Flag indicating whether this session is new or not.


isValid

protected boolean isValid
Flag indicating whether this session is valid or not.


lastAccessedTime

protected long lastAccessedTime
The last accessed time for this Session.


listeners

protected ArrayList listeners
The session event listeners for this Session.


manager

protected Manager manager
The Manager with which this Session is associated.


maxInactiveInterval

protected int maxInactiveInterval
The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session. A negative time indicates that the session should never time out.


notes

protected HashMap notes
Internal notes associated with this session by Catalina components and event listeners. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!


principal

protected Principal principal
The authenticated Principal associated with this session, if any. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!


sessionContext

protected static HttpSessionContext sessionContext
The HTTP session context associated with this session.


sm

protected static StringManager sm
The string manager for this package.


support

protected PropertyChangeSupport support
The property change support for this component. NOTE: This value is not included in the serialized version of this object.


thisAccessedTime

protected long thisAccessedTime
The current accessed time for this session.

Constructor Details

StandardSession

public StandardSession(Manager manager)
Construct a new Session associated with the specified Manager.

Parameters:
manager - The manager with which this Session is associated

Method Details

access

public void access()
Update the accessed time information for this session. This method should be called by the context when a request comes in for a particular session, even if the application does not reference it.
Specified by:
access in interface Session


activate

public void activate()
Perform internal processing required to activate this session.


addSessionListener

public void addSessionListener(SessionListener listener)
Add a session event listener to this component.
Specified by:
addSessionListener in interface Session


endAccess

public void endAccess()
End the access.
Specified by:
endAccess in interface Session


evaluateIfValid

protected void evaluateIfValid()


exclude

protected boolean exclude(String name)
Exclude attribute that cannot be serialized.

Parameters:
name - the attribute's name


expire

public void expire()
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
Specified by:
expire in interface Session


expire

public void expire(boolean notify)
Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.

Parameters:
notify - Should we notify listeners about the demise of this session?


fireContainerEvent

protected void fireContainerEvent(Context context,
                                  String type,
                                  Object data)
            throws Exception
Fire container events if the Context implementation is the org.apache.catalina.core.StandardContext.

Parameters:
context - Context for which to fire events
type - Event type
data - Event data


fireSessionEvent

public void fireSessionEvent(String type,
                             Object data)
Notify all session event listeners that a particular event has occurred for this Session. The default implementation performs this notification synchronously using the calling thread.

Parameters:
type - Event type
data - Event data


getAttribute

public Object getAttribute(String name)
Return the object bound with the specified name in this session, or null if no object is bound with that name.

Parameters:
name - Name of the attribute to be returned


getAttributeInternal

protected Object getAttributeInternal(String name)
Return the value of an attribute without a check for validity.


getAttributeNames

public Enumeration getAttributeNames()
Return an Enumeration of String objects containing the names of the objects bound to this session.


getAuthType

public String getAuthType()
Return the authentication type used to authenticate our cached Principal, if any.
Specified by:
getAuthType in interface Session


getCreationTime

public long getCreationTime()
Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT.
Specified by:
getCreationTime in interface Session


getId

public String getId()
Return the session identifier for this session.
Specified by:
getId in interface Session


getInfo

public String getInfo()
Return descriptive information about this Session implementation and the corresponding version number, in the format <description>/<version>.
Specified by:
getInfo in interface Session


getLastAccessedTime

public long getLastAccessedTime()
Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time.
Specified by:
getLastAccessedTime in interface Session


getManager

public Manager getManager()
Return the Manager within which this Session is valid.
Specified by:
getManager in interface Session


getMaxInactiveInterval

public int getMaxInactiveInterval()
Return the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session. A negative time indicates that the session should never time out.
Specified by:
getMaxInactiveInterval in interface Session


getNote

public Object getNote(String name)
Return the object bound with the specified name to the internal notes for this session, or null if no such binding exists.
Specified by:
getNote in interface Session

Parameters:
name - Name of the note to be returned


getNoteNames

public Iterator getNoteNames()
Return an Iterator containing the String names of all notes bindings that exist for this session.
Specified by:
getNoteNames in interface Session


getPrincipal

public Principal getPrincipal()
Return the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request. If there is no current associated Principal, return null.
Specified by:
getPrincipal in interface Session


getServletContext

public ServletContext getServletContext()
Return the ServletContext to which this session belongs.


getSession

public HttpSession getSession()
Return the HttpSession for which this object is the facade.
Specified by:
getSession in interface Session


getSessionContext

public HttpSessionContext getSessionContext()

Deprecated. As of Version 2.1, this method is deprecated and has no replacement. It will be removed in a future version of the Java Servlet API.

Return the session context with which this session is associated.


getValue

public Object getValue(String name)

Deprecated. As of Version 2.2, this method is replaced by getAttribute()

Return the object bound with the specified name in this session, or null if no object is bound with that name.

Parameters:
name - Name of the value to be returned


getValueNames

public String[] getValueNames()

Deprecated. As of Version 2.2, this method is replaced by getAttributeNames()

Return the set of names of objects bound to this session. If there are no such objects, a zero-length array is returned.


invalidate

public void invalidate()
Invalidates this session and unbinds any objects bound to it.


isNew

public boolean isNew()
Return true if the client does not yet know about the session, or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client has disabled the use of cookies, then a session would be new on each request.


isValid

public boolean isValid()
Return the isValid flag for this session.
Specified by:
isValid in interface Session


keys

protected String[] keys()
Return the names of all currently defined session attributes as an array of Strings. If there are no defined attributes, a zero-length array is returned.


log

protected void log(String message)
Log a message on the Logger associated with our Manager (if any).

Parameters:
message - Message to be logged


log

protected void log(String message,
                   Throwable throwable)
Log a message on the Logger associated with our Manager (if any).

Parameters:
message - Message to be logged
throwable - Associated exception


passivate

public void passivate()
Perform the internal processing required to passivate this session.


putValue

public void putValue(String name,
                     Object value)

Deprecated. As of Version 2.2, this method is replaced by setAttribute()

Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

Parameters:
name - Name to which the object is bound, cannot be null
value - Object to be bound, cannot be null


readObject

protected void readObject(ObjectInputStream stream)
            throws ClassNotFoundException,
                   IOException
Read a serialized version of this session object from the specified object input stream.

IMPLEMENTATION NOTE: The reference to the owning Manager is not restored by this method, and must be set explicitly.

Parameters:
stream - The input stream to read from


readObjectData

public void readObjectData(ObjectInputStream stream)
            throws ClassNotFoundException,
                   IOException
Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.

Parameters:
stream - The object input stream to read from


recycle

public void recycle()
Release all object references, and initialize instance variables, in preparation for reuse of this object.
Specified by:
recycle in interface Session


removeAttribute

public void removeAttribute(String name)
Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters:
name - Name of the object to remove from this session.


removeAttribute

public void removeAttribute(String name,
                            boolean notify)
Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters:
name - Name of the object to remove from this session.
notify - Should we notify interested listeners that this attribute is being removed?


removeAttributeInternal

protected void removeAttributeInternal(String name,
                                       boolean notify)
Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters:
name - Name of the object to remove from this session.
notify - Should we notify interested listeners that this attribute is being removed?


removeNote

public void removeNote(String name)
Remove any object bound to the specified name in the internal notes for this session.
Specified by:
removeNote in interface Session

Parameters:
name - Name of the note to be removed


removeSessionListener

public void removeSessionListener(SessionListener listener)
Remove a session event listener from this component.
Specified by:
removeSessionListener in interface Session


removeValue

public void removeValue(String name)

Deprecated. As of Version 2.2, this method is replaced by removeAttribute()

Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

Parameters:
name - Name of the object to remove from this session.


setAttribute

public void setAttribute(String name,
                         Object value)
Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

Parameters:
name - Name to which the object is bound, cannot be null
value - Object to be bound, cannot be null


setAuthType

public void setAuthType(String authType)
Set the authentication type used to authenticate our cached Principal, if any.
Specified by:
setAuthType in interface Session

Parameters:
authType - The new cached authentication type


setCreationTime

public void setCreationTime(long time)
Set the creation time for this session. This method is called by the Manager when an existing Session instance is reused.
Specified by:
setCreationTime in interface Session

Parameters:
time - The new creation time


setId

public void setId(String id)
Set the session identifier for this session.
Specified by:
setId in interface Session

Parameters:
id - The new session identifier


setManager

public void setManager(Manager manager)
Set the Manager within which this Session is valid.
Specified by:
setManager in interface Session

Parameters:
manager - The new Manager


setMaxInactiveInterval

public void setMaxInactiveInterval(int interval)
Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session. A negative time indicates that the session should never time out.
Specified by:
setMaxInactiveInterval in interface Session

Parameters:
interval - The new maximum interval


setNew

public void setNew(boolean isNew)
Set the isNew flag for this session.
Specified by:
setNew in interface Session

Parameters:
isNew - The new value for the isNew flag


setNote

public void setNote(String name,
                    Object value)
Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
Specified by:
setNote in interface Session

Parameters:
name - Name to which the object should be bound
value - Object to be bound to the specified name


setPrincipal

public void setPrincipal(Principal principal)
Set the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request.
Specified by:
setPrincipal in interface Session

Parameters:
principal - The new Principal, or null if none


setValid

public void setValid(boolean isValid)
Set the isValid flag for this session.
Specified by:
setValid in interface Session

Parameters:
isValid - The new value for the isValid flag


tellNew

public void tellNew()
Inform the listeners about the new session.


toString

public String toString()
Return a string representation of this object.


writeObject

protected void writeObject(ObjectOutputStream stream)
            throws IOException
Write a serialized version of this session object to the specified object output stream.

IMPLEMENTATION NOTE: The owning Manager will not be stored in the serialized representation of this Session. After calling readObject(), you must set the associated Manager explicitly.

IMPLEMENTATION NOTE: Any attribute that is not Serializable will be unbound from the session, with appropriate actions if it implements HttpSessionBindingListener. If you do not want any such attributes, be sure the distributable property of the associated Manager is set to true.

Parameters:
stream - The output stream to write to


writeObjectData

public void writeObjectData(ObjectOutputStream stream)
            throws IOException
Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.

Parameters:
stream - The object output stream to write to


Copyright B) 2000-2003 Apache Software Foundation. All Rights Reserved.