View Javadoc

1   // ========================================================================
2   // Copyright (c) 2008-2009 Mort Bay Consulting Pty. Ltd.
3   // ------------------------------------------------------------------------
4   // All rights reserved. This program and the accompanying materials
5   // are made available under the terms of the Eclipse Public License v1.0
6   // and Apache License v2.0 which accompanies this distribution.
7   // The Eclipse Public License is available at 
8   // http://www.eclipse.org/legal/epl-v10.html
9   // The Apache License v2.0 is available at
10  // http://www.opensource.org/licenses/apache2.0.php
11  // You may elect to redistribute this code under either of these licenses. 
12  // ========================================================================
13  
14  
15  package org.eclipse.jetty.server.session;
16  
17  import java.io.ByteArrayInputStream;
18  import java.io.ByteArrayOutputStream;
19  import java.io.IOException;
20  import java.io.InputStream;
21  import java.io.ObjectInputStream;
22  import java.io.ObjectOutputStream;
23  import java.sql.Connection;
24  import java.sql.PreparedStatement;
25  import java.sql.ResultSet;
26  import java.sql.SQLException;
27  import java.util.HashMap;
28  import java.util.List;
29  import java.util.ListIterator;
30  import java.util.Map;
31  import java.util.Set;
32  import java.util.concurrent.ConcurrentHashMap;
33  import java.util.concurrent.atomic.AtomicReference;
34  
35  import javax.servlet.SessionTrackingMode;
36  import javax.servlet.http.HttpServletRequest;
37  import javax.servlet.http.HttpSessionEvent;
38  import javax.servlet.http.HttpSessionListener;
39  
40  import org.eclipse.jetty.server.SessionIdManager;
41  import org.eclipse.jetty.server.handler.ContextHandler;
42  import org.eclipse.jetty.util.log.Log;
43  import org.eclipse.jetty.util.log.Logger;
44  
45  /**
46   * JDBCSessionManager
47   *
48   * SessionManager that persists sessions to a database to enable clustering.
49   * 
50   * Session data is persisted to the JettySessions table:
51   * 
52   * rowId (unique in cluster: webapp name/path + virtualhost + sessionId)
53   * contextPath (of the context owning the session)
54   * sessionId (unique in a context)
55   * lastNode (name of node last handled session)
56   * accessTime (time in milliseconds session was accessed)
57   * lastAccessTime (previous time in milliseconds session was accessed)
58   * createTime (time in milliseconds session created)
59   * cookieTime (time in milliseconds session cookie created)
60   * lastSavedTime (last time in milliseconds session access times were saved)
61   * expiryTime (time in milliseconds that the session is due to expire)
62   * map (attribute map)
63   * 
64   * As an optimization, to prevent thrashing the database, we do not persist
65   * the accessTime and lastAccessTime every time the session is accessed. Rather,
66   * we write it out every so often. The frequency is controlled by the saveIntervalSec
67   * field.
68   */
69  public class JDBCSessionManager extends AbstractSessionManager
70  {
71      private static final Logger LOG = Log.getLogger(JDBCSessionManager.class);
72    
73      protected  String __insertSession;  
74      protected  String __deleteSession; 
75      protected  String __selectSession;   
76      protected  String __updateSession;  
77      protected  String __updateSessionNode; 
78      protected  String __updateSessionAccessTime;
79      protected  String __sessionTableRowId;
80      
81      private ConcurrentHashMap<String, AbstractSession> _sessions;
82      protected long _saveIntervalSec = 60; //only persist changes to session access times every 60 secs
83    
84      /**
85       * SessionData
86       *
87       * Persistable data about a session.
88       */
89      public class SessionData
90      {
91          private final String _id;
92          private String _rowId;
93          private long _accessed;
94          private long _lastAccessed;
95          private long _maxIdleMs=-1;
96          private long _cookieSet;
97          private long _created;
98          private Map<String,Object> _attributes;
99          private String _lastNode;
100         private String _canonicalContext;
101         private long _lastSaved;
102         private long _expiryTime;
103         private String _virtualHost;
104 
105         public SessionData (String sessionId)
106         {
107             _id=sessionId;
108             _created=System.currentTimeMillis();
109             _accessed = _created;
110             _attributes = new HashMap<String,Object>();
111             _lastNode = getSessionIdManager().getWorkerName();
112         }
113         
114         public SessionData (String sessionId,Map<String,Object> attributes)
115         {
116             _id=sessionId;
117             _created=System.currentTimeMillis();
118             _accessed = _created;
119             _attributes = attributes;
120             _lastNode = getSessionIdManager().getWorkerName();
121         }
122 
123         public synchronized String getId ()
124         {
125             return _id;
126         }
127 
128         public synchronized long getCreated ()
129         {
130             return _created;
131         }
132         
133         protected synchronized void setCreated (long ms)
134         {
135             _created = ms;
136         }
137         
138         public synchronized long getAccessed ()
139         {
140             return _accessed;
141         }
142         
143         protected synchronized void setAccessed (long ms)
144         {
145             _accessed = ms;
146         }
147         
148         
149         public synchronized void setMaxIdleMs (long ms)
150         {
151             _maxIdleMs = ms;
152         }
153 
154         public synchronized long getMaxIdleMs()
155         {
156             return _maxIdleMs;
157         }
158 
159         public synchronized void setLastAccessed (long ms)
160         {
161             _lastAccessed = ms;
162         }
163 
164         public synchronized long getLastAccessed()
165         {
166             return _lastAccessed;
167         }
168 
169         public void setCookieSet (long ms)
170         {
171             _cookieSet = ms;
172         }
173 
174         public synchronized long getCookieSet ()
175         {
176             return _cookieSet;
177         }
178         
179         public synchronized void setRowId (String rowId)
180         {
181             _rowId=rowId;
182         }
183         
184         protected synchronized String getRowId()
185         {
186             return _rowId;
187         }
188         
189         protected synchronized Map<String,Object> getAttributeMap ()
190         {
191             return _attributes;
192         }
193         
194         protected synchronized void setAttributeMap (Map<String,Object> map)
195         {
196             _attributes = map;
197         } 
198         
199         public synchronized void setLastNode (String node)
200         {
201             _lastNode=node;
202         }
203         
204         public synchronized String getLastNode ()
205         {
206             return _lastNode;
207         }
208         
209         public synchronized void setCanonicalContext(String str)
210         {
211             _canonicalContext=str;
212         }
213         
214         public synchronized String getCanonicalContext ()
215         {
216             return _canonicalContext;
217         }
218         
219         public synchronized long getLastSaved ()
220         {
221             return _lastSaved;
222         }
223         
224         public synchronized void setLastSaved (long time)
225         {
226             _lastSaved=time;
227         }
228         
229         public synchronized void setExpiryTime (long time)
230         {
231             _expiryTime=time;      
232         }
233         
234         public synchronized long getExpiryTime ()
235         {
236             return _expiryTime;
237         }
238         
239         public synchronized void setVirtualHost (String vhost)
240         {
241             _virtualHost=vhost;
242         }
243         
244         public synchronized String getVirtualHost ()
245         {
246             return _virtualHost;
247         }
248         
249         @Override
250         public String toString ()
251         {
252             return "Session rowId="+_rowId+",id="+_id+",lastNode="+_lastNode+
253                             ",created="+_created+",accessed="+_accessed+
254                             ",lastAccessed="+_lastAccessed+",cookieSet="+_cookieSet+
255                             "lastSaved="+_lastSaved;
256         }
257     }
258 
259     
260     
261     /**
262      * Session
263      *
264      * Session instance in memory of this node.
265      */
266     public class Session extends AbstractSession
267     {
268         private static final long serialVersionUID = 5208464051134226143L;
269         private final SessionData _data;
270         private boolean _dirty=false;
271 
272         /**
273          * Session from a request.
274          * 
275          * @param request
276          */
277         protected Session (HttpServletRequest request)
278         {
279             super(JDBCSessionManager.this,request);   
280             _data = new SessionData(getClusterId(),_jdbcAttributes);
281             if (_dftMaxIdleSecs>0)
282                 _data.setMaxIdleMs(_dftMaxIdleSecs*1000);
283             _data.setCanonicalContext(canonicalize(_context.getContextPath()));
284             _data.setVirtualHost(getVirtualHost(_context));
285             int maxInterval=getMaxInactiveInterval();
286             _data.setExpiryTime(maxInterval <= 0 ? 0 : (System.currentTimeMillis() + maxInterval*1000));
287         }
288 
289         /**
290           * Session restored in database.
291           * @param data
292           */
293          protected Session (long accessed, SessionData data)
294          {
295              super(JDBCSessionManager.this,data.getCreated(), accessed, data.getId());
296              _data=data;
297              if (_dftMaxIdleSecs>0)
298                  _data.setMaxIdleMs(_dftMaxIdleSecs*1000);
299              _jdbcAttributes.putAll(_data.getAttributeMap());
300              _data.setAttributeMap(_jdbcAttributes);
301          }
302          
303          @Override
304         public void setAttribute (String name, Object value)
305          {
306              super.setAttribute(name, value);
307              _dirty=true;
308          }
309 
310          @Override
311         public void removeAttribute (String name)
312          {
313              super.removeAttribute(name); 
314              _dirty=true;
315          }
316          
317          @Override
318         protected void cookieSet()
319          {
320              _data.setCookieSet(_data.getAccessed());
321          }
322 
323         /** 
324          * Entry to session.
325          * Called by SessionHandler on inbound request and the session already exists in this node's memory.
326          * 
327          * @see org.eclipse.jetty.server.session.AbstractSession#access(long)
328          */
329         @Override
330         protected boolean access(long time)
331         {
332             if (super.access(time))
333             {
334                 _data.setLastAccessed(_data.getAccessed());
335                 _data.setAccessed(time);
336 
337                 int maxInterval=getMaxInactiveInterval();
338                 _data.setExpiryTime(maxInterval <= 0 ? 0 : (time + maxInterval*1000));
339                 return true;
340             }
341             return false;
342         }
343 
344         /** 
345          * Exit from session
346          * @see org.eclipse.jetty.server.session.AbstractSession#complete()
347          */
348         @Override
349         protected void complete()
350         {
351             super.complete();
352             try
353             {
354                 if (_dirty)
355                 { 
356                     //The session attributes have changed, write to the db, ensuring
357                     //http passivation/activation listeners called
358                     willPassivate();
359                     updateSession(_data);
360                     didActivate();
361                 }
362                 else if ((_data._accessed - _data._lastSaved) >= (getSaveInterval() * 1000))
363                 {  
364                     updateSessionAccessTime(_data);
365                 }
366             }
367             catch (Exception e)
368             {
369                 LOG.warn("Problem persisting changed session data id="+getId(), e);
370             }
371             finally
372             {
373                 _dirty=false;
374             }
375         }
376         
377         @Override
378         protected void timeout() throws IllegalStateException
379         {
380             if (LOG.isDebugEnabled()) LOG.debug("Timing out session id="+getClusterId());
381             super.timeout();
382         }
383     }
384     
385     
386     
387     
388     /**
389      * ClassLoadingObjectInputStream
390      *
391      *
392      */
393     protected class ClassLoadingObjectInputStream extends ObjectInputStream
394     {
395         public ClassLoadingObjectInputStream(java.io.InputStream in) throws IOException
396         {
397             super(in);
398         }
399 
400         public ClassLoadingObjectInputStream () throws IOException
401         {
402             super();
403         }
404 
405         @Override
406         public Class<?> resolveClass (java.io.ObjectStreamClass cl) throws IOException, ClassNotFoundException
407         {
408             try
409             {
410                 return Class.forName(cl.getName(), false, Thread.currentThread().getContextClassLoader());
411             }
412             catch (ClassNotFoundException e)
413             {
414                 return super.resolveClass(cl);
415             }
416         }
417     }
418     
419     
420 
421 
422     /**
423      * Set the time in seconds which is the interval between
424      * saving the session access time to the database.
425      * 
426      * This is an optimization that prevents the database from
427      * being overloaded when a session is accessed very frequently.
428      * 
429      * On session exit, if the session attributes have NOT changed,
430      * the time at which we last saved the accessed
431      * time is compared to the current accessed time. If the interval
432      * is at least saveIntervalSecs, then the access time will be
433      * persisted to the database.
434      * 
435      * If any session attribute does change, then the attributes and
436      * the accessed time are persisted.
437      * 
438      * @param sec
439      */
440     public void setSaveInterval (long sec)
441     {
442         _saveIntervalSec=sec;
443     }
444   
445     public long getSaveInterval ()
446     {
447         return _saveIntervalSec;
448     }
449 
450    
451     
452     /**
453      * A method that can be implemented in subclasses to support
454      * distributed caching of sessions. This method will be
455      * called whenever the session is written to the database
456      * because the session data has changed.
457      * 
458      * This could be used eg with a JMS backplane to notify nodes
459      * that the session has changed and to delete the session from
460      * the node's cache, and re-read it from the database.
461      * @param session
462      */
463     public void cacheInvalidate (Session session)
464     {
465         
466     }
467     
468     
469     /** 
470      * A session has been requested by it's id on this node.
471      * 
472      * Load the session by id AND context path from the database.
473      * Multiple contexts may share the same session id (due to dispatching)
474      * but they CANNOT share the same contents.
475      * 
476      * Check if last node id is my node id, if so, then the session we have
477      * in memory cannot be stale. If another node used the session last, then
478      * we need to refresh from the db.
479      * 
480      * NOTE: this method will go to the database, so if you only want to check 
481      * for the existence of a Session in memory, use _sessions.get(id) instead.
482      * 
483      * @see org.eclipse.jetty.server.session.AbstractSessionManager#getSession(java.lang.String)
484      */
485     @Override
486     public Session getSession(String idInCluster)
487     {
488         Session session = (Session)_sessions.get(idInCluster);
489         
490         synchronized (this)
491         {        
492             try
493             {                
494                 //check if we need to reload the session - 
495                 //as an optimization, don't reload on every access
496                 //to reduce the load on the database. This introduces a window of 
497                 //possibility that the node may decide that the session is local to it,
498                 //when the session has actually been live on another node, and then
499                 //re-migrated to this node. This should be an extremely rare occurrence,
500                 //as load-balancers are generally well-behaved and consistently send 
501                 //sessions to the same node, changing only iff that node fails. 
502                 SessionData data = null;
503                 long now = System.currentTimeMillis();
504                 if (LOG.isDebugEnabled()) 
505                 {
506                     if (session==null)
507                         LOG.debug("getSession("+idInCluster+"): not in session map,"+
508                                 " now="+now+
509                                 " lastSaved="+(session==null?0:session._data._lastSaved)+
510                                 " interval="+(_saveIntervalSec * 1000));
511                     else
512                         LOG.debug("getSession("+idInCluster+"): in session map, "+
513                                 " now="+now+
514                                 " lastSaved="+(session==null?0:session._data._lastSaved)+
515                                 " interval="+(_saveIntervalSec * 1000)+
516                                 " lastNode="+session._data.getLastNode()+
517                                 " thisNode="+getSessionIdManager().getWorkerName()+
518                                 " difference="+(now - session._data._lastSaved));
519                 }
520                 
521                 if (session==null || ((now - session._data._lastSaved) >= (_saveIntervalSec * 1000)))
522                 {       
523                     LOG.debug("getSession("+idInCluster+"): no session in session map or stale session. Reloading session data from db.");
524                     data = loadSession(idInCluster, canonicalize(_context.getContextPath()), getVirtualHost(_context));
525                 }
526                 else if ((now - session._data._lastSaved) >= (_saveIntervalSec * 1000))
527                 {
528                     LOG.debug("getSession("+idInCluster+"): stale session. Reloading session data from db.");
529                     data = loadSession(idInCluster, canonicalize(_context.getContextPath()), getVirtualHost(_context));
530                 }
531                 else
532                 {
533                     LOG.debug("getSession("+idInCluster+"): session in session map"); 
534                     data = session._data;
535                 }
536                 
537                 if (data != null)
538                 {
539                     if (!data.getLastNode().equals(getSessionIdManager().getWorkerName()) || session==null)
540                     {
541                         //if the session has no expiry, or it is not already expired
542                         if (data._expiryTime <= 0 || data._expiryTime > now)
543                         {
544                             LOG.debug("getSession("+idInCluster+"): lastNode="+data.getLastNode()+" thisNode="+getSessionIdManager().getWorkerName());
545                             data.setLastNode(getSessionIdManager().getWorkerName());
546                             //session last used on a different node, or we don't have it in memory
547                             session = new Session(now,data);
548                             _sessions.put(idInCluster, session);
549                             session.didActivate();
550                             //TODO is this the best way to do this? Or do this on the way out using
551                             //the _dirty flag?
552                             updateSessionNode(data);
553                         }
554                         else
555                             if (LOG.isDebugEnabled()) LOG.debug("getSession("+idInCluster+"): Session has expired");
556                         
557                     }
558                     else
559                         if (LOG.isDebugEnabled()) LOG.debug("getSession("+idInCluster+"): Session not stale "+session._data);
560                     //session in db shares same id, but is not for this context
561                 }
562                 else
563                 {
564                     //No session in db with matching id and context path.
565                     session=null;
566                     if (LOG.isDebugEnabled()) LOG.debug("getSession("+idInCluster+"): No session in database matching id="+idInCluster);
567                 }
568                 
569                 return session;
570             }
571             catch (Exception e)
572             {
573                 LOG.warn("Unable to load session from database", e);
574                 return null;
575             }
576         }
577     }
578     
579     /** 
580      * Get the number of sessions.
581      * 
582      * @see org.eclipse.jetty.server.session.AbstractSessionManager#getSessions()
583      */
584     @Override
585     public int getSessions()
586     {
587         int size = 0;
588         synchronized (this)
589         {
590             size = _sessions.size();
591         }
592         return size;
593     }
594 
595 
596     /** 
597      * Start the session manager.
598      * 
599      * @see org.eclipse.jetty.server.session.AbstractSessionManager#doStart()
600      */
601     @Override
602     public void doStart() throws Exception
603     {
604         if (_sessionIdManager==null)
605             throw new IllegalStateException("No session id manager defined");
606         
607         prepareTables();
608      
609         _sessions = new ConcurrentHashMap<String, AbstractSession>();
610         super.doStart();
611     }
612     
613     
614     /** 
615      * Stop the session manager.
616      * 
617      * @see org.eclipse.jetty.server.session.AbstractSessionManager#doStop()
618      */
619     @Override
620     public void doStop() throws Exception
621     {
622         _sessions.clear();
623         _sessions = null;
624         
625         super.doStop();
626     } 
627     
628     @Override
629     protected void invalidateSessions()
630     {
631         //Do nothing - we don't want to remove and
632         //invalidate all the sessions because this
633         //method is called from doStop(), and just
634         //because this context is stopping does not
635         //mean that we should remove the session from
636         //any other nodes
637     }
638 
639     
640     /**
641      * Invalidate a session.
642      * 
643      * @param idInCluster
644      */
645     protected void invalidateSession (String idInCluster)
646     {
647         Session session = null;
648         synchronized (this)
649         {
650             session = (Session)_sessions.get(idInCluster);
651         }
652         
653         if (session != null)
654         {
655             session.invalidate();
656         }
657     }
658    
659     /** 
660      * Delete an existing session, both from the in-memory map and
661      * the database.
662      * 
663      * @see org.eclipse.jetty.server.session.AbstractSessionManager#removeSession(java.lang.String)
664      */
665     @Override
666     protected boolean removeSession(String idInCluster)
667     {
668         synchronized (this)
669         {       
670             Session session = (Session)_sessions.remove(idInCluster);
671             try
672             {
673                 if (session != null)
674                     deleteSession(session._data);
675             }
676             catch (Exception e)
677             {
678                 LOG.warn("Problem deleting session id="+idInCluster, e);
679             }
680             return session!=null;
681         }
682     }
683 
684 
685     /** 
686      * Add a newly created session to our in-memory list for this node and persist it.
687      * 
688      * @see org.eclipse.jetty.server.session.AbstractSessionManager#addSession(org.eclipse.jetty.server.session.AbstractSession)
689      */
690     @Override
691     protected void addSession(AbstractSession session)
692     {
693         if (session==null)
694             return;
695 
696         synchronized (this)
697         {
698             _sessions.put(session.getClusterId(), session);
699         }
700         
701         //TODO or delay the store until exit out of session? If we crash before we store it
702         //then session data will be lost.
703         try
704         {
705             session.willPassivate();
706             storeSession(((JDBCSessionManager.Session)session)._data);
707             session.didActivate();
708         }
709         catch (Exception e)
710         {
711             LOG.warn("Unable to store new session id="+session.getId() , e);
712         }
713     }
714 
715 
716     /** 
717      * Make a new Session.
718      * 
719      * @see org.eclipse.jetty.server.session.AbstractSessionManager#newSession(javax.servlet.http.HttpServletRequest)
720      */
721     @Override
722     protected AbstractSession newSession(HttpServletRequest request)
723     {
724         return new Session(request);
725     }
726     
727     /* ------------------------------------------------------------ */
728     /** Remove session from manager 
729      * @param session The session to remove
730      * @param invalidate True if {@link HttpSessionListener#sessionDestroyed(HttpSessionEvent)} and
731      * {@link SessionIdManager#invalidateAll(String)} should be called.
732      */
733     @Override
734     public void removeSession(AbstractSession session, boolean invalidate)
735     {
736         // Remove session from context and global maps
737         boolean removed = false;
738         
739         synchronized (this)
740         {
741             //take this session out of the map of sessions for this context
742             if (getSession(session.getClusterId()) != null)
743             {
744                 removed = true;
745                 removeSession(session.getClusterId());
746             }
747         }
748 
749         if (removed)
750         {
751             // Remove session from all context and global id maps
752             _sessionIdManager.removeSession(session);
753             
754             if (invalidate)
755                 _sessionIdManager.invalidateAll(session.getClusterId());
756             
757             if (invalidate && !_sessionListeners.isEmpty())
758             {
759                 HttpSessionEvent event=new HttpSessionEvent(session);
760                 for (HttpSessionListener l : _sessionListeners)
761                     l.sessionDestroyed(event);
762             }
763             if (!invalidate)
764             {
765                 session.willPassivate();
766             }
767         }
768     }
769     
770     
771     /**
772      * Expire any Sessions we have in memory matching the list of
773      * expired Session ids.
774      * 
775      * @param sessionIds
776      */
777     protected void expire (List<?> sessionIds)
778     { 
779         //don't attempt to scavenge if we are shutting down
780         if (isStopping() || isStopped())
781             return;
782 
783         //Remove any sessions we already have in memory that match the ids
784         Thread thread=Thread.currentThread();
785         ClassLoader old_loader=thread.getContextClassLoader();
786         ListIterator<?> itor = sessionIds.listIterator();
787 
788         try
789         {
790             while (itor.hasNext())
791             {
792                 String sessionId = (String)itor.next();
793                 if (LOG.isDebugEnabled()) LOG.debug("Expiring session id "+sessionId);
794                 
795                 Session session = (Session)_sessions.get(sessionId);
796                 if (session != null)
797                 {
798                     session.timeout();
799                     itor.remove();
800                 }
801                 else
802                 {
803                     if (LOG.isDebugEnabled()) LOG.debug("Unrecognized session id="+sessionId);
804                 }
805             }
806         }
807         catch (Throwable t)
808         {
809             if (t instanceof ThreadDeath)
810                 throw ((ThreadDeath)t);
811             else
812                 LOG.warn("Problem expiring sessions", t);
813         }
814         finally
815         {
816             thread.setContextClassLoader(old_loader);
817         }
818     }
819     
820  
821     protected void prepareTables ()
822     {
823         __sessionTableRowId = ((JDBCSessionIdManager)_sessionIdManager)._sessionTableRowId;
824         
825         __insertSession = "insert into "+((JDBCSessionIdManager)_sessionIdManager)._sessionTable+
826                           " ("+__sessionTableRowId+", sessionId, contextPath, virtualHost, lastNode, accessTime, lastAccessTime, createTime, cookieTime, lastSavedTime, expiryTime, map) "+
827                           " values (?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?, ?)";
828 
829         __deleteSession = "delete from "+((JDBCSessionIdManager)_sessionIdManager)._sessionTable+
830                           " where "+__sessionTableRowId+" = ?";
831 
832         __selectSession = "select * from "+((JDBCSessionIdManager)_sessionIdManager)._sessionTable+
833                           " where sessionId = ? and contextPath = ? and virtualHost = ?";
834 
835         __updateSession = "update "+((JDBCSessionIdManager)_sessionIdManager)._sessionTable+
836                           " set lastNode = ?, accessTime = ?, lastAccessTime = ?, lastSavedTime = ?, expiryTime = ?, map = ? where "+__sessionTableRowId+" = ?";
837 
838         __updateSessionNode = "update "+((JDBCSessionIdManager)_sessionIdManager)._sessionTable+
839                               " set lastNode = ? where "+__sessionTableRowId+" = ?";
840 
841         __updateSessionAccessTime = "update "+((JDBCSessionIdManager)_sessionIdManager)._sessionTable+
842                                     " set lastNode = ?, accessTime = ?, lastAccessTime = ?, lastSavedTime = ?, expiryTime = ? where "+__sessionTableRowId+" = ?";
843     }
844     
845     /**
846      * Load a session from the database
847      * @param id
848      * @return the session data that was loaded
849      * @throws Exception
850      */
851     protected SessionData loadSession (final String id, final String canonicalContextPath, final String vhost)
852     throws Exception
853     {
854         final AtomicReference<SessionData> _reference = new AtomicReference<SessionData>();
855         final AtomicReference<Exception> _exception = new AtomicReference<Exception>();
856         Runnable load = new Runnable()
857         {
858             @SuppressWarnings("unchecked")
859             public void run()
860             {
861                 SessionData data = null;
862                 Connection connection=null;
863                 PreparedStatement statement = null;
864                 try
865                 {   
866                     connection = getConnection();
867                     statement = connection.prepareStatement(__selectSession);
868                     statement.setString(1, id);
869                     statement.setString(2, canonicalContextPath);
870                     statement.setString(3, vhost);
871                     ResultSet result = statement.executeQuery();
872                     if (result.next())
873                     {
874                         data = new SessionData(id);
875                         data.setRowId(result.getString(__sessionTableRowId));
876                         data.setCookieSet(result.getLong("cookieTime"));
877                         data.setLastAccessed(result.getLong("lastAccessTime"));
878                         data.setAccessed (result.getLong("accessTime"));
879                         data.setCreated(result.getLong("createTime"));
880                         data.setLastNode(result.getString("lastNode"));
881                         data.setLastSaved(result.getLong("lastSavedTime"));
882                         data.setExpiryTime(result.getLong("expiryTime"));
883                         data.setCanonicalContext(result.getString("contextPath"));
884                         data.setVirtualHost(result.getString("virtualHost"));
885 
886                         InputStream is = ((JDBCSessionIdManager)getSessionIdManager())._dbAdaptor.getBlobInputStream(result, "map");
887                         ClassLoadingObjectInputStream ois = new ClassLoadingObjectInputStream (is);
888                         Object o = ois.readObject();
889                         data.setAttributeMap((Map<String,Object>)o);
890                         ois.close();
891 
892                         if (LOG.isDebugEnabled())
893                             LOG.debug("LOADED session "+data);
894                     }
895                     _reference.set(data);
896                 }
897                 catch (Exception e)
898                 {
899                     _exception.set(e);
900                 }
901                 finally
902                 {
903                     if (connection!=null)
904                     {
905                         try { connection.close();}
906                         catch(Exception e) { LOG.warn(e); }
907                     }
908                 }  
909             }
910         };
911         
912         if (_context==null)
913             load.run();
914         else
915             _context.getContextHandler().handle(load);
916         
917         if (_exception.get()!=null)
918             throw _exception.get();
919         
920         return _reference.get();
921     }
922     
923     /**
924      * Insert a session into the database.
925      * 
926      * @param data
927      * @throws Exception
928      */
929     protected void storeSession (SessionData data)
930     throws Exception
931     {
932         if (data==null)
933             return;
934         
935         //put into the database      
936         Connection connection = getConnection();
937         PreparedStatement statement = null;
938         try
939         {   
940             String rowId = calculateRowId(data);
941             
942             long now = System.currentTimeMillis();
943             connection.setAutoCommit(true);
944             statement = connection.prepareStatement(__insertSession);
945             statement.setString(1, rowId); //rowId
946             statement.setString(2, data.getId()); //session id
947             statement.setString(3, data.getCanonicalContext()); //context path
948             statement.setString(4, data.getVirtualHost()); //first vhost
949             statement.setString(5, getSessionIdManager().getWorkerName());//my node id
950             statement.setLong(6, data.getAccessed());//accessTime
951             statement.setLong(7, data.getLastAccessed()); //lastAccessTime
952             statement.setLong(8, data.getCreated()); //time created
953             statement.setLong(9, data.getCookieSet());//time cookie was set
954             statement.setLong(10, now); //last saved time
955             statement.setLong(11, data.getExpiryTime());
956             
957             ByteArrayOutputStream baos = new ByteArrayOutputStream();
958             ObjectOutputStream oos = new ObjectOutputStream(baos);
959             oos.writeObject(data.getAttributeMap());
960             byte[] bytes = baos.toByteArray();
961             
962             ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
963             statement.setBinaryStream(12, bais, bytes.length);//attribute map as blob
964             
965             statement.executeUpdate();
966             data.setRowId(rowId); //set it on the in-memory data as well as in db
967             data.setLastSaved(now);
968 
969             
970             if (LOG.isDebugEnabled())
971                 LOG.debug("Stored session "+data);
972         }   
973         finally
974         {
975             if (connection!=null)
976                 connection.close();
977         }
978     }
979     
980     
981     /**
982      * Update data on an existing persisted session.
983      * 
984      * @param data
985      * @throws Exception
986      */
987     protected void updateSession (SessionData data)
988     throws Exception
989     {
990         if (data==null)
991             return;
992         
993         Connection connection = getConnection();
994         PreparedStatement statement = null;
995         try
996         {              
997             long now = System.currentTimeMillis();
998             connection.setAutoCommit(true);
999             statement = connection.prepareStatement(__updateSession);     
1000             statement.setString(1, getSessionIdManager().getWorkerName());//my node id
1001             statement.setLong(2, data.getAccessed());//accessTime
1002             statement.setLong(3, data.getLastAccessed()); //lastAccessTime
1003             statement.setLong(4, now); //last saved time
1004             statement.setLong(5, data.getExpiryTime());
1005             
1006             ByteArrayOutputStream baos = new ByteArrayOutputStream();
1007             ObjectOutputStream oos = new ObjectOutputStream(baos);
1008             oos.writeObject(data.getAttributeMap());
1009             byte[] bytes = baos.toByteArray();
1010             ByteArrayInputStream bais = new ByteArrayInputStream(bytes);
1011             
1012             statement.setBinaryStream(6, bais, bytes.length);//attribute map as blob 
1013             statement.setString(7, data.getRowId()); //rowId
1014             statement.executeUpdate();
1015             
1016             data.setLastSaved(now);
1017             if (LOG.isDebugEnabled())
1018                 LOG.debug("Updated session "+data);
1019         }
1020         finally
1021         {
1022             if (connection!=null)
1023                 connection.close();
1024         }
1025     }
1026     
1027     
1028     /**
1029      * Update the node on which the session was last seen to be my node.
1030      * 
1031      * @param data
1032      * @throws Exception
1033      */
1034     protected void updateSessionNode (SessionData data)
1035     throws Exception
1036     {
1037         String nodeId = getSessionIdManager().getWorkerName();
1038         Connection connection = getConnection();
1039         PreparedStatement statement = null;
1040         try
1041         {            
1042             connection.setAutoCommit(true);
1043             statement = connection.prepareStatement(__updateSessionNode);
1044             statement.setString(1, nodeId);
1045             statement.setString(2, data.getRowId());
1046             statement.executeUpdate();
1047             statement.close();
1048             if (LOG.isDebugEnabled())
1049                 LOG.debug("Updated last node for session id="+data.getId()+", lastNode = "+nodeId);
1050         }
1051         finally
1052         {
1053             if (connection!=null)
1054                 connection.close();
1055         }
1056     }
1057     
1058     /**
1059      * Persist the time the session was last accessed.
1060      * 
1061      * @param data
1062      * @throws Exception
1063      */
1064     private void updateSessionAccessTime (SessionData data)
1065     throws Exception
1066     {
1067         Connection connection = getConnection();
1068         PreparedStatement statement = null;
1069         try
1070         {            
1071             long now = System.currentTimeMillis();
1072             connection.setAutoCommit(true);
1073             statement = connection.prepareStatement(__updateSessionAccessTime);
1074             statement.setString(1, getSessionIdManager().getWorkerName());
1075             statement.setLong(2, data.getAccessed());
1076             statement.setLong(3, data.getLastAccessed());
1077             statement.setLong(4, now);
1078             statement.setLong(5, data.getExpiryTime());
1079             statement.setString(6, data.getRowId());
1080             statement.executeUpdate();
1081             data.setLastSaved(now);
1082             statement.close();
1083             if (LOG.isDebugEnabled())
1084                 LOG.debug("Updated access time session id="+data.getId());
1085         }
1086         finally
1087         {
1088             if (connection!=null)
1089                 connection.close();
1090         }
1091     }
1092     
1093     
1094     
1095     
1096     /**
1097      * Delete a session from the database. Should only be called
1098      * when the session has been invalidated.
1099      * 
1100      * @param data
1101      * @throws Exception
1102      */
1103     protected void deleteSession (SessionData data)
1104     throws Exception
1105     {
1106         Connection connection = getConnection();
1107         PreparedStatement statement = null;
1108         try
1109         {
1110             connection.setAutoCommit(true);
1111             statement = connection.prepareStatement(__deleteSession);
1112             statement.setString(1, data.getRowId());
1113             statement.executeUpdate();
1114             if (LOG.isDebugEnabled())
1115                 LOG.debug("Deleted Session "+data);
1116         }
1117         finally
1118         {
1119             if (connection!=null)
1120                 connection.close();
1121         } 
1122     }
1123     
1124     
1125     
1126     /**
1127      * Get a connection from the driver.
1128      * @return
1129      * @throws SQLException
1130      */
1131     private Connection getConnection ()
1132     throws SQLException
1133     { 
1134         return ((JDBCSessionIdManager)getSessionIdManager()).getConnection();
1135     }
1136 
1137     /**
1138      * Calculate a unique id for this session across the cluster.
1139      * 
1140      * Unique id is composed of: contextpath_virtualhost0_sessionid
1141      * @param data
1142      * @return
1143      */
1144     private String calculateRowId (SessionData data)
1145     {
1146         String rowId = canonicalize(_context.getContextPath());
1147         rowId = rowId + "_" + getVirtualHost(_context);
1148         rowId = rowId+"_"+data.getId();
1149         return rowId;
1150     }
1151     
1152     /**
1153      * Get the first virtual host for the context.
1154      * 
1155      * Used to help identify the exact session/contextPath.
1156      * 
1157      * @return 0.0.0.0 if no virtual host is defined
1158      */
1159     private String getVirtualHost (ContextHandler.Context context)
1160     {
1161         String vhost = "0.0.0.0";
1162         
1163         if (context==null)
1164             return vhost;
1165         
1166         String [] vhosts = context.getContextHandler().getVirtualHosts();
1167         if (vhosts==null || vhosts.length==0 || vhosts[0]==null)
1168             return vhost;
1169         
1170         return vhosts[0];
1171     }
1172     
1173     /**
1174      * Make an acceptable file name from a context path.
1175      * 
1176      * @param path
1177      * @return
1178      */
1179     private String canonicalize (String path)
1180     {
1181         if (path==null)
1182             return "";
1183         
1184         return path.replace('/', '_').replace('.','_').replace('\\','_');
1185     }
1186 }