org.eclipse.jetty.server.session
Class AbstractSessionManager

java.lang.Object
  org.eclipse.jetty.util.component.AbstractLifeCycle
      org.eclipse.jetty.server.session.AbstractSessionManager

All Implemented Interfaces:

SessionManager, LifeCycle

Direct Known Subclasses:

HashSessionManager, JDBCSessionManager

public abstract class AbstractSessionManager
extends AbstractLifeCycle
implements SessionManager

An Abstract implementation of SessionManager. The partial implementation of SessionManager interface provides the majority of the handling required to implement a SessionManager. Concrete implementations of SessionManager based on AbstractSessionManager need only implement the newSession method to return a specialised version of the Session inner class that provides an attribute Map.

Nested Class Summary

static class	AbstractSessionManager.NullSessionContext Null returning implementation of HttpSessionContext
class	AbstractSessionManager.Session Implements HttpSession from the javax.servlet package.
static interface	AbstractSessionManager.SessionIf Interface that any session wrapper should implement so that SessionManager may access the Jetty session implementation.

Nested classes/interfaces inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

AbstractLifeCycle.AbstractLifeCycleListener

Nested classes/interfaces inherited from interface org.eclipse.jetty.util.component.LifeCycle

LifeCycle.Listener

Field Summary

static int	__distantFuture
protected boolean	_checkingRemoteSessionIdEncoding
protected ContextHandler.Context	_context
protected int	_dftMaxIdleSecs
protected boolean	_httpOnly
protected ClassLoader	_loader
protected int	_maxCookieAge
protected boolean	_nodeIdInSessionId
protected int	_refreshCookieAge
protected boolean	_secureCookies
protected Object	_sessionAttributeListeners
protected String	_sessionCookie
protected String	_sessionDomain
protected SessionHandler	_sessionHandler
protected SessionIdManager	_sessionIdManager
protected String	_sessionIdPathParameterName
protected String	_sessionIdPathParameterNamePrefix
protected Object	_sessionListeners
protected String	_sessionPath
protected CounterStatistic	_sessionsStats
protected SampleStatistic	_sessionTimeStats

Fields inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

_listeners, FAILED, RUNNING, STARTED, STARTING, STOPPED, STOPPING

Fields inherited from interface org.eclipse.jetty.server.SessionManager

__CheckRemoteSessionEncoding, __DefaultSessionCookie, __DefaultSessionDomain, __DefaultSessionIdPathParameterName, __MaxAgeProperty, __SessionCookieProperty, __SessionDomainProperty, __SessionIdPathParameterNameProperty, __SessionPathProperty

Constructor Summary

AbstractSessionManager()

Method Summary

HttpCookie	access(HttpSession session, boolean secure) Called by the SessionHandler when a session is first accessed by a request.
void	addEventListener(EventListener listener) Adds an event listener for session-related events.
protected abstract void	addSession(AbstractSessionManager.Session session)
protected void	addSession(AbstractSessionManager.Session session, boolean created) Add the session Registers the session with this manager and registers the session ID with the sessionIDManager;
void	clearEventListeners() Removes all event listeners for session-related events.
void	complete(HttpSession session) Called by the SessionHandler when a session is last accessed by a request.
void	doStart()
void	doStop()
String	getClusterId(HttpSession session)
boolean	getHttpOnly()
HttpSession	getHttpSession(String nodeId) Returns the HttpSession with the given session id
SessionIdManager	getIdManager()
int	getMaxCookieAge()
int	getMaxInactiveInterval()
int	getMaxSessions() Deprecated.
SessionIdManager	getMetaManager() Deprecated. use getIdManager()
int	getMinSessions() Deprecated. always returns 0. no replacement available.
String	getNodeId(HttpSession session)
int	getRefreshCookieAge()
boolean	getSecureCookies()
abstract AbstractSessionManager.Session	getSession(String idInCluster) Get a known existing session
String	getSessionCookie()
HttpCookie	getSessionCookie(HttpSession session, String contextPath, boolean requestIsSecure) Gets a Cookie for a session.
String	getSessionDomain()
SessionHandler	getSessionHandler()
String	getSessionIdPathParameterName()
String	getSessionIdPathParameterNamePrefix()
abstract Map	getSessionMap() Deprecated. Need to review if it is needed.
String	getSessionPath()
int	getSessions()
int	getSessionsMax()
int	getSessionsTotal()
long	getSessionTimeMax()
double	getSessionTimeMean()
double	getSessionTimeStdDev()
long	getSessionTimeTotal()
protected abstract void	invalidateSessions()
boolean	isCheckingRemoteSessionIdEncoding()
boolean	isNodeIdInSessionId()
boolean	isUsingCookies()
boolean	isValid(HttpSession session)
HttpSession	newHttpSession(HttpServletRequest request) Create a new HttpSession for a request
protected abstract AbstractSessionManager.Session	newSession(HttpServletRequest request) Create a new session instance
void	removeEventListener(EventListener listener) Removes an event listener for for session-related events.
void	removeSession(AbstractSessionManager.Session session, boolean invalidate) Remove session from manager
void	removeSession(HttpSession session, boolean invalidate) Remove session from manager
protected abstract boolean	removeSession(String idInCluster)
void	resetStats() Deprecated.
void	setCheckingRemoteSessionIdEncoding(boolean remote)
void	setHttpOnly(boolean httpOnly)
void	setIdManager(SessionIdManager metaManager) Sets the cross context session id manager
void	setMaxCookieAge(int maxCookieAgeInSeconds) Sets the max age to set on the session cookie, in seconds
void	setMaxInactiveInterval(int seconds) Sets the max period of inactivity, after which the session is invalidated, in seconds.
void	setMetaManager(SessionIdManager metaManager) Deprecated. use setIdManager(SessionIdManager)
void	setNodeIdInSessionId(boolean nodeIdInSessionId)
void	setRefreshCookieAge(int ageInSeconds)
void	setSecureCookies(boolean secureCookies) Set if the session manager should use SecureCookies.
void	setSessionCookie(String cookieName) Sets the session cookie name.
void	setSessionDomain(String domain) Sets the domain to set on the session cookie
void	setSessionHandler(SessionHandler sessionHandler) Sets the SessionHandler.
void	setSessionIdPathParameterName(String param) Sets the session id URL path parameter name.
void	setSessionPath(String path) Sets the path to set on the session cookie
void	setUsingCookies(boolean usingCookies)
void	statsReset() Reset statistics values

Methods inherited from class org.eclipse.jetty.util.component.AbstractLifeCycle

addLifeCycleListener, getState, getState, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Methods inherited from class java.lang.Object

clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait

Methods inherited from interface org.eclipse.jetty.util.component.LifeCycle

addLifeCycleListener, isFailed, isRunning, isStarted, isStarting, isStopped, isStopping, removeLifeCycleListener, start, stop

Field Detail

__distantFuture

public static final int __distantFuture

See Also:

Constant Field Values

_dftMaxIdleSecs

protected int _dftMaxIdleSecs

_sessionHandler

protected SessionHandler _sessionHandler

_httpOnly

protected boolean _httpOnly

_sessionIdManager

protected SessionIdManager _sessionIdManager

_secureCookies

protected boolean _secureCookies

_sessionAttributeListeners

protected Object _sessionAttributeListeners

_sessionListeners

protected Object _sessionListeners

_loader

protected ClassLoader _loader

_context

protected ContextHandler.Context _context

_sessionCookie

protected String _sessionCookie

_sessionIdPathParameterName

protected String _sessionIdPathParameterName

_sessionIdPathParameterNamePrefix

protected String _sessionIdPathParameterNamePrefix

_sessionDomain

protected String _sessionDomain

_sessionPath

protected String _sessionPath

_maxCookieAge

protected int _maxCookieAge

_refreshCookieAge

protected int _refreshCookieAge

_nodeIdInSessionId

protected boolean _nodeIdInSessionId

_checkingRemoteSessionIdEncoding

protected boolean _checkingRemoteSessionIdEncoding

_sessionsStats

protected final CounterStatistic _sessionsStats

_sessionTimeStats

protected final SampleStatistic _sessionTimeStats

Constructor Detail

AbstractSessionManager

public AbstractSessionManager()

Method Detail

access

public HttpCookie access(HttpSession session,
                         boolean secure)

Description copied from interface: SessionManager

Called by the SessionHandler when a session is first accessed by a request.

Specified by:

access in interface SessionManager

Parameters:

session - the session object

secure - whether the request is secure or not

Returns:

the session cookie. If not null, this cookie should be set on the response to either migrate the session or to refresh a session cookie that may expire.

See Also:

SessionManager.complete(HttpSession)

addEventListener

public void addEventListener(EventListener listener)

Description copied from interface: SessionManager

Adds an event listener for session-related events.

Specified by:

addEventListener in interface SessionManager

Parameters:

listener - the session event listener to add Individual SessionManagers implementations may accept arbitrary listener types, but they are expected to at least handle HttpSessionActivationListener, HttpSessionAttributeListener, HttpSessionBindingListener and HttpSessionListener.

See Also:

SessionManager.removeEventListener(EventListener)

clearEventListeners

public void clearEventListeners()

Description copied from interface: SessionManager

Removes all event listeners for session-related events.

Specified by:

clearEventListeners in interface SessionManager

See Also:

SessionManager.removeEventListener(EventListener)

complete

public void complete(HttpSession session)

Description copied from interface: SessionManager

Called by the SessionHandler when a session is last accessed by a request.

Specified by:

complete in interface SessionManager

Parameters:

session - the session object

See Also:

SessionManager.access(HttpSession, boolean)

doStart

public void doStart()
             throws Exception

Overrides:

doStart in class AbstractLifeCycle

Throws:

Exception

doStop

public void doStop()
            throws Exception

Overrides:

doStop in class AbstractLifeCycle

Throws:

Exception

getHttpOnly

public boolean getHttpOnly()

Specified by:

getHttpOnly in interface SessionManager

Returns:

Returns the httpOnly.

See Also:

HttpCookie.isHttpOnly()

getHttpSession

public HttpSession getHttpSession(String nodeId)

Description copied from interface: SessionManager

Returns the HttpSession with the given session id

Specified by:

getHttpSession in interface SessionManager

Parameters:

nodeId - the session id

Returns:

the HttpSession with the corresponding id or null if no session with the given id exists

getIdManager

public SessionIdManager getIdManager()

Specified by:

getIdManager in interface SessionManager

Returns:

Returns the metaManager used for cross context session management

See Also:

SessionManager.setIdManager(SessionIdManager)

getMaxCookieAge

public int getMaxCookieAge()

Specified by:

getMaxCookieAge in interface SessionManager

Returns:

the max age to set on the session cookie, in seconds

See Also:

SessionManager.setMaxCookieAge(int)

getMaxInactiveInterval

public int getMaxInactiveInterval()

Specified by:

getMaxInactiveInterval in interface SessionManager

Returns:

seconds

See Also:

SessionManager.setMaxInactiveInterval(int)

getMaxSessions

@Deprecated
public int getMaxSessions()

Deprecated.

See Also:

getSessionsMax()

getSessionsMax

public int getSessionsMax()

Returns:

maximum number of sessions

getSessionsTotal

public int getSessionsTotal()

Returns:

total number of sessions

getMetaManager

@Deprecated
public SessionIdManager getMetaManager()

Deprecated. use getIdManager()

Specified by:

getMetaManager in interface SessionManager

Returns:

the cross context session id manager.

getMinSessions

@Deprecated
public int getMinSessions()

Deprecated. always returns 0. no replacement available.

getRefreshCookieAge

public int getRefreshCookieAge()

getSecureCookies

public boolean getSecureCookies()

Specified by:

getSecureCookies in interface SessionManager

Returns:

Returns the secureCookies.

getSessionCookie

public String getSessionCookie()

Specified by:

getSessionCookie in interface SessionManager

Returns:

the session cookie name, by default "JSESSIONID".

See Also:

SessionManager.setSessionCookie(String)

getSessionCookie

public HttpCookie getSessionCookie(HttpSession session,
                                   String contextPath,
                                   boolean requestIsSecure)

Description copied from interface: SessionManager

Gets a Cookie for a session.

Specified by:

getSessionCookie in interface SessionManager

Parameters:

session - the session to which the cookie should refer.

contextPath - the context to which the cookie should be linked. The client will only send the cookie value when requesting resources under this path.

requestIsSecure - whether the client is accessing the server over a secure protocol (i.e. HTTPS).

Returns:

if this SessionManager uses cookies, then this method will return a new cookie object that should be set on the client in order to link future HTTP requests with the session. If cookies are not in use, this method returns null.

getSessionDomain

public String getSessionDomain()

Specified by:

getSessionDomain in interface SessionManager

Returns:

the domain to set on the session cookie

See Also:

SessionManager.setSessionDomain(String)

getSessionHandler

public SessionHandler getSessionHandler()

Returns:

Returns the sessionHandler.

getSessionMap

public abstract Map getSessionMap()

Deprecated. Need to review if it is needed.

getSessionPath

public String getSessionPath()

Specified by:

getSessionPath in interface SessionManager

Returns:

the path to set on the session cookie

See Also:

SessionManager.setSessionPath(String)

getSessions

public int getSessions()

getSessionIdPathParameterName

public String getSessionIdPathParameterName()

Specified by:

getSessionIdPathParameterName in interface SessionManager

Returns:

the URL path parameter name for session id URL rewriting, by default "jsessionid".

See Also:

SessionManager.setSessionIdPathParameterName(String)

getSessionIdPathParameterNamePrefix

public String getSessionIdPathParameterNamePrefix()

Specified by:

getSessionIdPathParameterNamePrefix in interface SessionManager

Returns:

a formatted version of SessionManager.getSessionIdPathParameterName(), by default ";" + sessionIdParameterName + "=", for easier lookup in URL strings.

See Also:

SessionManager.getSessionIdPathParameterName()

isUsingCookies

public boolean isUsingCookies()

Specified by:

isUsingCookies in interface SessionManager

Returns:

Returns the usingCookies.

isValid

public boolean isValid(HttpSession session)

Specified by:

isValid in interface SessionManager

Parameters:

session - the session to test for validity

Returns:

whether the given session is valid, that is, it has not been invalidated.

getClusterId

public String getClusterId(HttpSession session)

Specified by:

getClusterId in interface SessionManager

Parameters:

session - the session object

Returns:

the unique id of the session within the cluster (without a node id extension)

See Also:

SessionManager.getNodeId(HttpSession)

getNodeId

public String getNodeId(HttpSession session)

Specified by:

getNodeId in interface SessionManager

Parameters:

session - the session object

Returns:

the unique id of the session within the cluster, extended with an optional node id.

See Also:

SessionManager.getClusterId(HttpSession)

newHttpSession

public HttpSession newHttpSession(HttpServletRequest request)

Create a new HttpSession for a request

Specified by:

newHttpSession in interface SessionManager

Parameters:

request - the HttpServletRequest containing the requested session id

Returns:

the new HttpSession

removeEventListener

public void removeEventListener(EventListener listener)

Description copied from interface: SessionManager

Removes an event listener for for session-related events.

Specified by:

removeEventListener in interface SessionManager

Parameters:

listener - the session event listener to remove

See Also:

SessionManager.addEventListener(EventListener)

resetStats

@Deprecated
public void resetStats()

Deprecated.

See Also:

statsReset()

statsReset

public void statsReset()

Reset statistics values

setHttpOnly

public void setHttpOnly(boolean httpOnly)

Parameters:

httpOnly - The httpOnly to set.

setIdManager

public void setIdManager(SessionIdManager metaManager)

Description copied from interface: SessionManager

Sets the cross context session id manager

Specified by:

setIdManager in interface SessionManager

Parameters:

metaManager - The metaManager used for cross context session management.

See Also:

SessionManager.getIdManager()

setMaxCookieAge

public void setMaxCookieAge(int maxCookieAgeInSeconds)

Description copied from interface: SessionManager

Sets the max age to set on the session cookie, in seconds

Specified by:

setMaxCookieAge in interface SessionManager

Parameters:

maxCookieAgeInSeconds - the max age to set on the session cookie, in seconds

See Also:

SessionManager.getMaxCookieAge()

setMaxInactiveInterval

public void setMaxInactiveInterval(int seconds)

Description copied from interface: SessionManager

Sets the max period of inactivity, after which the session is invalidated, in seconds.

Specified by:

setMaxInactiveInterval in interface SessionManager

Parameters:

seconds -

See Also:

SessionManager.getMaxInactiveInterval()

setMetaManager

@Deprecated
public void setMetaManager(SessionIdManager metaManager)

Deprecated. use setIdManager(SessionIdManager)

setRefreshCookieAge

public void setRefreshCookieAge(int ageInSeconds)

setSecureCookies

public void setSecureCookies(boolean secureCookies)

Set if the session manager should use SecureCookies. A secure cookie will only be sent by a browser on a secure (https) connection to avoid the concern of cookies being intercepted on non secure channels. For the cookie to be issued as secure, the ServletRequest.isSecure() method must return true. If SSL offload is used, then the AbstractConnector.customize(org.eclipse.jetty.io.EndPoint, Request) method can be used to force the request to be https, or the AbstractConnector.setForwarded(boolean) can be set to true, so that the X-Forwarded-Proto header is respected.

If secure session cookies are used, then a session may not be shared between http and https requests.

Parameters:

secureCookies - If true, use secure cookies.

setSessionCookie

public void setSessionCookie(String cookieName)

Description copied from interface: SessionManager

Sets the session cookie name.

Specified by:

setSessionCookie in interface SessionManager

Parameters:

cookieName - the session cookie name

See Also:

SessionManager.getSessionCookie()

setSessionDomain

public void setSessionDomain(String domain)

Description copied from interface: SessionManager

Sets the domain to set on the session cookie

Specified by:

setSessionDomain in interface SessionManager

Parameters:

domain - the domain to set on the session cookie

See Also:

SessionManager.getSessionDomain()

setSessionHandler

public void setSessionHandler(SessionHandler sessionHandler)

Description copied from interface: SessionManager

Sets the SessionHandler.

Specified by:

setSessionHandler in interface SessionManager

Parameters:

sessionHandler - The sessionHandler to set.

setSessionPath

public void setSessionPath(String path)

Description copied from interface: SessionManager

Sets the path to set on the session cookie

Specified by:

setSessionPath in interface SessionManager

Parameters:

path - the path to set on the session cookie

See Also:

SessionManager.setSessionPath(java.lang.String)

setSessionIdPathParameterName

public void setSessionIdPathParameterName(String param)

Description copied from interface: SessionManager

Sets the session id URL path parameter name.

Specified by:

setSessionIdPathParameterName in interface SessionManager

Parameters:

param - the URL path parameter name for session id URL rewriting (null or "none" for no rewriting).

See Also:

SessionManager.getSessionIdPathParameterName(), SessionManager.getSessionIdPathParameterNamePrefix()

setUsingCookies

public void setUsingCookies(boolean usingCookies)

Parameters:

usingCookies - The usingCookies to set.

addSession

protected abstract void addSession(AbstractSessionManager.Session session)

addSession

protected void addSession(AbstractSessionManager.Session session,
                          boolean created)

Add the session Registers the session with this manager and registers the session ID with the sessionIDManager;

getSession

public abstract AbstractSessionManager.Session getSession(String idInCluster)

Get a known existing session

Parameters:

idInCluster - The session ID in the cluster, stripped of any worker name.

Returns:

A Session or null if none exists.

invalidateSessions

protected abstract void invalidateSessions()

newSession

protected abstract AbstractSessionManager.Session newSession(HttpServletRequest request)

Create a new session instance

Parameters:

request -

Returns:

the new session

isNodeIdInSessionId

public boolean isNodeIdInSessionId()

Returns:

true if the cluster node id (worker id) is returned as part of the session id by HttpSession.getId(). Default is false.

setNodeIdInSessionId

public void setNodeIdInSessionId(boolean nodeIdInSessionId)

Parameters:

nodeIdInSessionId - true if the cluster node id (worker id) will be returned as part of the session id by HttpSession.getId(). Default is false.

removeSession

public void removeSession(HttpSession session,
                          boolean invalidate)

Remove session from manager

Parameters:

session - The session to remove

invalidate - True if HttpSessionListener.sessionDestroyed(HttpSessionEvent) and SessionIdManager.invalidateAll(String) should be called.

removeSession

public void removeSession(AbstractSessionManager.Session session,
                          boolean invalidate)

Remove session from manager

Parameters:

session - The session to remove

invalidate - True if HttpSessionListener.sessionDestroyed(HttpSessionEvent) and SessionIdManager.invalidateAll(String) should be called.

removeSession

protected abstract boolean removeSession(String idInCluster)

getSessionTimeMax

public long getSessionTimeMax()

Returns:

maximum amount of time session remained valid

getSessionTimeTotal

public long getSessionTimeTotal()

Returns:

total amount of time all sessions remained valid

getSessionTimeMean

public double getSessionTimeMean()

Returns:

mean amount of time session remained valid

getSessionTimeStdDev

public double getSessionTimeStdDev()

Returns:

standard deviation of amount of time session remained valid

isCheckingRemoteSessionIdEncoding

public boolean isCheckingRemoteSessionIdEncoding()

Specified by:

isCheckingRemoteSessionIdEncoding in interface SessionManager

Returns:

True if absolute URLs are check for remoteness before being session encoded.

See Also:

SessionManager.isCheckingRemoteSessionIdEncoding()

setCheckingRemoteSessionIdEncoding

public void setCheckingRemoteSessionIdEncoding(boolean remote)

Specified by:

setCheckingRemoteSessionIdEncoding in interface SessionManager

Parameters:

remote - True if absolute URLs are check for remoteness before being session encoded.

See Also:

SessionManager.setCheckingRemoteSessionIdEncoding(boolean)