Class StandardSession

java.lang.Object
org.apache.catalina.session.StandardSession
All Implemented Interfaces:
Serializable, HttpSession, Session
Direct Known Subclasses:
DeltaSession

public class StandardSession extends Object implements HttpSession, Session, Serializable
Standard implementation of the Session interface. This object is serializable, so that it can be stored in persistent storage or transferred to a different JVM for distributable session support.

IMPLEMENTATION NOTE: An instance of this class represents both the internal (Session) and application level (HttpSession) view of the session. However, because the class itself is not declared public, Java logic outside of the org.apache.catalina.session package cannot cast an HttpSession view of this instance back to a Session view.

IMPLEMENTATION NOTE: If you add fields to this class, you must make sure that you carry them over in the read/writeObject methods so that this class is properly serialized.

Author:
Craig R. McClanahan, Sean Legassick, Jon S. Stevens
See Also:
  • Field Summary

    Fields
    Modifier and Type
    Field
    Description
    protected AtomicInteger
    The access count for this session.
    protected static final boolean
     
    The collection of user data attributes associated with this Session.
    protected String
    The authentication type used to authenticate our cached Principal, if any.
    protected long
    The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.
    protected static final String[]
    Type array.
    protected boolean
    We are currently processing a session expiration, so bypass certain IllegalStateException tests.
    The facade associated with this session.
    protected String
    The session identifier of this Session.
    protected boolean
    Flag indicating whether this session is new or not.
    protected boolean
    Flag indicating whether this session is valid or not.
    protected static final boolean
     
    protected long
    The last accessed time for this Session.
    The session event listeners for this Session.
    protected Manager
    The Manager with which this Session is associated.
    protected int
    The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session.
    protected Map<String,Object>
    Internal notes associated with this session by Catalina components and event listeners.
    protected Principal
    The authenticated Principal associated with this session, if any.
    protected static HttpSessionContext
    Deprecated.
    protected static final StringManager
    The string manager for this package.
    protected static final boolean
     
    protected final PropertyChangeSupport
    The property change support for this component.
    protected long
    The current accessed time for this session.
  • Constructor Summary

    Constructors
    Constructor
    Description
    Construct a new Session associated with the specified Manager.
  • Method Summary

    Modifier and Type
    Method
    Description
    void
    Update the accessed time information for this session.
    void
    Perform internal processing required to activate this session.
    void
    Add a session event listener to this component.
    protected void
    Read a serialized version of this session object from the specified object input stream.
    protected void
    Write a serialized version of this session object to the specified object output stream.
    void
    End the access.
    protected boolean
    exclude(String name, Object value)
    Should the given session attribute be excluded?
    void
    Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
    void
    expire(boolean notify)
    Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
    void
    Notify all session event listeners that a particular event has occurred for this Session.
    Return the object bound with the specified name in this session, or null if no object is bound with that name.
    Return an Enumeration of String objects containing the names of the objects bound to this session.
    Return the authentication type used to authenticate our cached Principal, if any.
    long
    Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT.
    long
    Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT, bypassing the session validation checks.
    Return the session identifier for this session.
    Return the session identifier for this session.
    long
    Return the idle time (in milliseconds) from last client access time.
    long
    Return the idle time from last client access time without invalidation check
    long
    Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT.
    long
    Return the last client access time without invalidation check
    Return the Manager within which this Session is valid.
    int
    Return the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session.
    Return the object bound with the specified name to the internal notes for this session, or null if no such binding exists.
    Return an Iterator containing the String names of all notes bindings that exist for this session.
    Return the authenticated Principal that is associated with this Session.
    Return the ServletContext to which this session belongs.
    Return the HttpSession for which this object is the facade.
    Deprecated.
    As of Version 2.1, this method is deprecated and has no replacement.
    long
    Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT.
    long
    Return the last client access time without invalidation check
    Deprecated.
    As of Version 2.2, this method is replaced by getAttribute()
    Deprecated.
    As of Version 2.2, this method is replaced by getAttributeNames()
    void
    Invalidates this session and unbinds any objects bound to it.
    boolean
    Does the session implementation support the distributing of the given attribute?
    boolean
    Return true if the client does not yet know about the session, or if the client chooses not to join the session.
    boolean
    Return the isValid flag for this session.
    protected boolean
     
    protected String[]
     
    void
    Perform the internal processing required to passivate this session.
    void
    putValue(String name, Object value)
    Deprecated.
    As of Version 2.2, this method is replaced by setAttribute()
    void
    Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.
    void
    Release all object references, and initialize instance variables, in preparation for reuse of this object.
    void
    Remove the object bound with the specified name from this session.
    void
    removeAttribute(String name, boolean notify)
    Remove the object bound with the specified name from this session.
    protected void
    removeAttributeInternal(String name, boolean notify)
    Remove the object bound with the specified name from this session.
    void
    Remove any object bound to the specified name in the internal notes for this session.
    void
    Remove a session event listener from this component.
    void
    Deprecated.
    As of Version 2.2, this method is replaced by removeAttribute()
    void
    setAttribute(String name, Object value)
    Bind an object to this session, using the specified name.
    void
    setAttribute(String name, Object value, boolean notify)
    Bind an object to this session, using the specified name.
    void
    setAuthType(String authType)
    Set the authentication type used to authenticate our cached Principal, if any.
    void
    setCreationTime(long time)
    Set the creation time for this session.
    void
    Set the session identifier for this session.
    void
    setId(String id, boolean notify)
    Set the session identifier for this session and optionally notifies any associated listeners that a new session has been created.
    void
    Set the Manager within which this Session is valid.
    void
    setMaxInactiveInterval(int interval)
    Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session.
    void
    setNew(boolean isNew)
    Set the isNew flag for this session.
    void
    setNote(String name, Object value)
    Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
    void
    Set the authenticated Principal that is associated with this Session.
    void
    setValid(boolean isValid)
    Set the isValid flag for this session.
    void
    tellChangedSessionId(String newId, String oldId, boolean notifySessionListeners, boolean notifyContainerListeners)
    Inform the listeners about the change session ID.
    void
    Inform the listeners about the new session.
    Return a string representation of this object.
    void
    Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.

    Methods inherited from class java.lang.Object

    clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait
  • Field Details

    • STRICT_SERVLET_COMPLIANCE

      protected static final boolean STRICT_SERVLET_COMPLIANCE
    • ACTIVITY_CHECK

      protected static final boolean ACTIVITY_CHECK
    • LAST_ACCESS_AT_START

      protected static final boolean LAST_ACCESS_AT_START
    • EMPTY_ARRAY

      protected static final String[] EMPTY_ARRAY
      Type array.
    • attributes

      protected ConcurrentMap<String,Object> attributes
      The collection of user data attributes associated with this Session.
    • authType

      protected transient String authType
      The authentication type used to authenticate our cached Principal, if any. NOTE: This value is not included in the serialized version of this object.
    • creationTime

      protected long creationTime
      The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.
    • expiring

      protected transient volatile boolean expiring
      We are currently processing a session expiration, so bypass certain IllegalStateException tests. NOTE: This value is not included in the serialized version of this object.
    • facade

      protected transient StandardSessionFacade facade
      The facade associated with this session. NOTE: This value is not included in the serialized version of this object.
    • id

      protected String id
      The session identifier of this Session.
    • lastAccessedTime

      protected volatile long lastAccessedTime
      The last accessed time for this Session.
    • listeners

      protected transient ArrayList<SessionListener> listeners
      The session event listeners for this Session.
    • manager

      protected transient Manager manager
      The Manager with which this Session is associated.
    • maxInactiveInterval

      protected volatile int maxInactiveInterval
      The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session. A negative time indicates that the session should never time out.
    • isNew

      protected volatile boolean isNew
      Flag indicating whether this session is new or not.
    • isValid

      protected volatile boolean isValid
      Flag indicating whether this session is valid or not.
    • notes

      protected transient Map<String,Object> notes
      Internal notes associated with this session by Catalina components and event listeners. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!
    • principal

      protected transient Principal principal
      The authenticated Principal associated with this session, if any. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!
    • sm

      protected static final StringManager sm
      The string manager for this package.
    • sessionContext

      @Deprecated protected static volatile HttpSessionContext sessionContext
      Deprecated.
      The HTTP session context associated with this session.
    • support

      protected final transient PropertyChangeSupport support
      The property change support for this component. NOTE: This value is not included in the serialized version of this object.
    • thisAccessedTime

      protected volatile long thisAccessedTime
      The current accessed time for this session.
    • accessCount

      protected transient AtomicInteger accessCount
      The access count for this session.
  • Constructor Details

    • StandardSession

      public StandardSession(Manager manager)
      Construct a new Session associated with the specified Manager.
      Parameters:
      manager - The manager with which this Session is associated
  • Method Details

    • getAuthType

      public String getAuthType()
      Return the authentication type used to authenticate our cached Principal, if any.
      Specified by:
      getAuthType in interface Session
      Returns:
      the authentication type used to authenticate our cached Principal, if any.
    • setAuthType

      public void setAuthType(String authType)
      Set the authentication type used to authenticate our cached Principal, if any.
      Specified by:
      setAuthType in interface Session
      Parameters:
      authType - The new cached authentication type
    • setCreationTime

      public void setCreationTime(long time)
      Set the creation time for this session. This method is called by the Manager when an existing Session instance is reused.
      Specified by:
      setCreationTime in interface Session
      Parameters:
      time - The new creation time
    • getId

      public String getId()
      Return the session identifier for this session.
      Specified by:
      getId in interface HttpSession
      Specified by:
      getId in interface Session
      Returns:
      a string specifying the identifier assigned to this session
    • getIdInternal

      public String getIdInternal()
      Return the session identifier for this session.
      Specified by:
      getIdInternal in interface Session
      Returns:
      the session identifier for this session.
    • setId

      public void setId(String id)
      Set the session identifier for this session.
      Specified by:
      setId in interface Session
      Parameters:
      id - The new session identifier
    • setId

      public void setId(String id, boolean notify)
      Description copied from interface: Session
      Set the session identifier for this session and optionally notifies any associated listeners that a new session has been created.
      Specified by:
      setId in interface Session
      Parameters:
      id - The new session identifier
      notify - Should any associated listeners be notified that a new session has been created?
    • tellNew

      public void tellNew()
      Inform the listeners about the new session.
    • tellChangedSessionId

      public void tellChangedSessionId(String newId, String oldId, boolean notifySessionListeners, boolean notifyContainerListeners)
      Inform the listeners about the change session ID.
      Specified by:
      tellChangedSessionId in interface Session
      Parameters:
      newId - new session ID
      oldId - old session ID
      notifySessionListeners - Should any associated sessionListeners be notified that session ID has been changed?
      notifyContainerListeners - Should any associated ContainerListeners be notified that session ID has been changed?
    • getThisAccessedTime

      public long getThisAccessedTime()
      Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time. This one gets updated whenever a request starts.
      Specified by:
      getThisAccessedTime in interface Session
      Returns:
      the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time. This one gets updated whenever a request starts.
    • getThisAccessedTimeInternal

      public long getThisAccessedTimeInternal()
      Return the last client access time without invalidation check
      Specified by:
      getThisAccessedTimeInternal in interface Session
      Returns:
      the last client access time without invalidation check
      See Also:
    • getLastAccessedTime

      public long getLastAccessedTime()
      Return the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time. This one gets updated whenever a request finishes.
      Specified by:
      getLastAccessedTime in interface HttpSession
      Specified by:
      getLastAccessedTime in interface Session
      Returns:
      a long representing the last time the client sent a request associated with this session, expressed in milliseconds since 1/1/1970 GMT
    • getLastAccessedTimeInternal

      public long getLastAccessedTimeInternal()
      Return the last client access time without invalidation check
      Specified by:
      getLastAccessedTimeInternal in interface Session
      Returns:
      the last client access time without invalidation check
      See Also:
    • getIdleTime

      public long getIdleTime()
      Return the idle time (in milliseconds) from last client access time.
      Specified by:
      getIdleTime in interface Session
      Returns:
      the idle time (in milliseconds) from last client access time.
    • getIdleTimeInternal

      public long getIdleTimeInternal()
      Return the idle time from last client access time without invalidation check
      Specified by:
      getIdleTimeInternal in interface Session
      Returns:
      the idle time from last client access time without invalidation check
      See Also:
    • getManager

      public Manager getManager()
      Return the Manager within which this Session is valid.
      Specified by:
      getManager in interface Session
      Returns:
      the Manager within which this Session is valid.
    • setManager

      public void setManager(Manager manager)
      Set the Manager within which this Session is valid.
      Specified by:
      setManager in interface Session
      Parameters:
      manager - The new Manager
    • getMaxInactiveInterval

      public int getMaxInactiveInterval()
      Return the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session. A negative time indicates that the session should never time out.
      Specified by:
      getMaxInactiveInterval in interface HttpSession
      Specified by:
      getMaxInactiveInterval in interface Session
      Returns:
      an integer specifying the number of seconds this session remains open between client requests
      See Also:
    • setMaxInactiveInterval

      public void setMaxInactiveInterval(int interval)
      Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate the session. A zero or negative time indicates that the session should never time out.
      Specified by:
      setMaxInactiveInterval in interface HttpSession
      Specified by:
      setMaxInactiveInterval in interface Session
      Parameters:
      interval - The new maximum interval
    • setNew

      public void setNew(boolean isNew)
      Set the isNew flag for this session.
      Specified by:
      setNew in interface Session
      Parameters:
      isNew - The new value for the isNew flag
    • getPrincipal

      public Principal getPrincipal()
      Return the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request. If there is no current associated Principal, return null.
      Specified by:
      getPrincipal in interface Session
      Returns:
      the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request. If there is no current associated Principal, return null.
    • setPrincipal

      public void setPrincipal(Principal principal)
      Set the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request.
      Specified by:
      setPrincipal in interface Session
      Parameters:
      principal - The new Principal, or null if none
    • getSession

      public HttpSession getSession()
      Return the HttpSession for which this object is the facade.
      Specified by:
      getSession in interface Session
      Returns:
      the HttpSession for which this object is the facade.
    • isValid

      public boolean isValid()
      Return the isValid flag for this session.
      Specified by:
      isValid in interface Session
      Returns:
      true if the session is still valid
    • setValid

      public void setValid(boolean isValid)
      Set the isValid flag for this session.
      Specified by:
      setValid in interface Session
      Parameters:
      isValid - The new value for the isValid flag
    • access

      public void access()
      Update the accessed time information for this session. This method should be called by the context when a request comes in for a particular session, even if the application does not reference it.
      Specified by:
      access in interface Session
    • endAccess

      public void endAccess()
      End the access.
      Specified by:
      endAccess in interface Session
    • addSessionListener

      public void addSessionListener(SessionListener listener)
      Add a session event listener to this component.
      Specified by:
      addSessionListener in interface Session
      Parameters:
      listener - the SessionListener instance that should be notified for session events
    • expire

      public void expire()
      Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
      Specified by:
      expire in interface Session
    • expire

      public void expire(boolean notify)
      Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
      Parameters:
      notify - Should we notify listeners about the demise of this session?
    • passivate

      public void passivate()
      Perform the internal processing required to passivate this session.
    • activate

      public void activate()
      Perform internal processing required to activate this session.
    • getNote

      public Object getNote(String name)
      Return the object bound with the specified name to the internal notes for this session, or null if no such binding exists.
      Specified by:
      getNote in interface Session
      Parameters:
      name - Name of the note to be returned
      Returns:
      the object bound with the specified name to the internal notes for this session, or null if no such binding exists.
    • getNoteNames

      public Iterator<String> getNoteNames()
      Return an Iterator containing the String names of all notes bindings that exist for this session.
      Specified by:
      getNoteNames in interface Session
      Returns:
      an Iterator containing the String names of all notes bindings that exist for this session.
    • recycle

      public void recycle()
      Release all object references, and initialize instance variables, in preparation for reuse of this object.
      Specified by:
      recycle in interface Session
    • removeNote

      public void removeNote(String name)
      Remove any object bound to the specified name in the internal notes for this session.
      Specified by:
      removeNote in interface Session
      Parameters:
      name - Name of the note to be removed
    • removeSessionListener

      public void removeSessionListener(SessionListener listener)
      Remove a session event listener from this component.
      Specified by:
      removeSessionListener in interface Session
      Parameters:
      listener - remove the session listener, which will no longer be notified
    • setNote

      public void setNote(String name, Object value)
      Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
      Specified by:
      setNote in interface Session
      Parameters:
      name - Name to which the object should be bound
      value - Object to be bound to the specified name
    • toString

      public String toString()
      Return a string representation of this object.
      Overrides:
      toString in class Object
    • readObjectData

      public void readObjectData(ObjectInputStream stream) throws ClassNotFoundException, IOException
      Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.
      Parameters:
      stream - The object input stream to read from
      Throws:
      ClassNotFoundException - if an unknown class is specified
      IOException - if an input/output error occurs
    • writeObjectData

      public void writeObjectData(ObjectOutputStream stream) throws IOException
      Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.
      Parameters:
      stream - The object output stream to write to
      Throws:
      IOException - if an input/output error occurs
    • getCreationTime

      public long getCreationTime()
      Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT.
      Specified by:
      getCreationTime in interface HttpSession
      Specified by:
      getCreationTime in interface Session
      Returns:
      a long specifying when this session was created, expressed in milliseconds since 1/1/1970 GMT
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • getCreationTimeInternal

      public long getCreationTimeInternal()
      Return the time when this session was created, in milliseconds since midnight, January 1, 1970 GMT, bypassing the session validation checks.
      Specified by:
      getCreationTimeInternal in interface Session
      Returns:
      the creation time for this session, bypassing the session validity checks.
    • getServletContext

      public ServletContext getServletContext()
      Return the ServletContext to which this session belongs.
      Specified by:
      getServletContext in interface HttpSession
      Returns:
      The ServletContext object for the web application
    • getSessionContext

      @Deprecated public HttpSessionContext getSessionContext()
      Deprecated.
      As of Version 2.1, this method is deprecated and has no replacement. It will be removed in a future version of the Java Servlet API.
      Return the session context with which this session is associated.
      Specified by:
      getSessionContext in interface HttpSession
      Returns:
      A dummy implementation of HttpSessionContext
    • getAttribute

      public Object getAttribute(String name)
      Return the object bound with the specified name in this session, or null if no object is bound with that name.
      Specified by:
      getAttribute in interface HttpSession
      Parameters:
      name - Name of the attribute to be returned
      Returns:
      the object with the specified name
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • getAttributeNames

      public Enumeration<String> getAttributeNames()
      Return an Enumeration of String objects containing the names of the objects bound to this session.
      Specified by:
      getAttributeNames in interface HttpSession
      Returns:
      an Enumeration of String objects specifying the names of all the objects bound to this session
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • getValue

      @Deprecated public Object getValue(String name)
      Deprecated.
      As of Version 2.2, this method is replaced by getAttribute()
      Return the object bound with the specified name in this session, or null if no object is bound with that name.
      Specified by:
      getValue in interface HttpSession
      Parameters:
      name - Name of the value to be returned
      Returns:
      the object with the specified name
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • getValueNames

      @Deprecated public String[] getValueNames()
      Deprecated.
      As of Version 2.2, this method is replaced by getAttributeNames()
      Return the set of names of objects bound to this session. If there are no such objects, a zero-length array is returned.
      Specified by:
      getValueNames in interface HttpSession
      Returns:
      an array of String objects specifying the names of all the objects bound to this session
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • invalidate

      public void invalidate()
      Invalidates this session and unbinds any objects bound to it.
      Specified by:
      invalidate in interface HttpSession
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • isNew

      public boolean isNew()
      Return true if the client does not yet know about the session, or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client has disabled the use of cookies, then a session would be new on each request.
      Specified by:
      isNew in interface HttpSession
      Returns:
      true if the server has created a session, but the client has not yet joined
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • putValue

      @Deprecated public void putValue(String name, Object value)
      Deprecated.
      As of Version 2.2, this method is replaced by setAttribute()
      Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

      Specified by:
      putValue in interface HttpSession
      Parameters:
      name - Name to which the object is bound, cannot be null
      value - Object to be bound, cannot be null
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • removeAttribute

      public void removeAttribute(String name)
      Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

      Specified by:
      removeAttribute in interface HttpSession
      Parameters:
      name - Name of the object to remove from this session.
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • removeAttribute

      public void removeAttribute(String name, boolean notify)
      Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

      Parameters:
      name - Name of the object to remove from this session.
      notify - Should we notify interested listeners that this attribute is being removed?
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • removeValue

      @Deprecated public void removeValue(String name)
      Deprecated.
      As of Version 2.2, this method is replaced by removeAttribute()
      Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

      Specified by:
      removeValue in interface HttpSession
      Parameters:
      name - Name of the object to remove from this session.
      Throws:
      IllegalStateException - if this method is called on an invalidated session
    • setAttribute

      public void setAttribute(String name, Object value)
      Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

      Specified by:
      setAttribute in interface HttpSession
      Parameters:
      name - Name to which the object is bound, cannot be null
      value - Object to be bound, cannot be null
      Throws:
      IllegalArgumentException - if an attempt is made to add a non-serializable object in an environment marked distributable.
      IllegalStateException - if this method is called on an invalidated session
    • setAttribute

      public void setAttribute(String name, Object value, boolean notify)
      Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

      Parameters:
      name - Name to which the object is bound, cannot be null
      value - Object to be bound, cannot be null
      notify - whether to notify session listeners
      Throws:
      IllegalArgumentException - if an attempt is made to add a non-serializable object in an environment marked distributable.
      IllegalStateException - if this method is called on an invalidated session
    • isValidInternal

      protected boolean isValidInternal()
      Returns:
      the isValid flag for this session without any expiration check.
    • isAttributeDistributable

      public boolean isAttributeDistributable(String name, Object value)
      Does the session implementation support the distributing of the given attribute? If the Manager is marked as distributable, then this method must be used to check attributes before adding them to a session and an IllegalArgumentException thrown if the proposed attribute is not distributable.

      Note that the Manager implementation may further restrict which attributes are distributed but a Manager level restriction should not trigger an IllegalArgumentException in HttpSession.setAttribute(String, Object)

      This implementation simply checks the value for serializability. Sub-classes might use other distribution technology not based on serialization and can override this check.

      Specified by:
      isAttributeDistributable in interface Session
      Parameters:
      name - The attribute name
      value - The attribute value
      Returns:
      true if distribution is supported, otherwise false
    • doReadObject

      protected void doReadObject(ObjectInputStream stream) throws ClassNotFoundException, IOException
      Read a serialized version of this session object from the specified object input stream.

      IMPLEMENTATION NOTE: The reference to the owning Manager is not restored by this method, and must be set explicitly.

      Parameters:
      stream - The input stream to read from
      Throws:
      ClassNotFoundException - if an unknown class is specified
      IOException - if an input/output error occurs
    • doWriteObject

      protected void doWriteObject(ObjectOutputStream stream) throws IOException
      Write a serialized version of this session object to the specified object output stream.

      IMPLEMENTATION NOTE: The owning Manager will not be stored in the serialized representation of this Session. After calling readObject(), you must set the associated Manager explicitly.

      IMPLEMENTATION NOTE: Any attribute that is not Serializable will be unbound from the session, with appropriate actions if it implements HttpSessionBindingListener. If you do not want any such attributes, be sure the distributable property of the associated Manager is set to true.

      Parameters:
      stream - The output stream to write to
      Throws:
      IOException - if an input/output error occurs
    • exclude

      protected boolean exclude(String name, Object value)
      Should the given session attribute be excluded? This implementation checks: Note: This method deliberately does not check isAttributeDistributable(String, Object) which is kept separate to support the checks required in setAttribute(String, Object, boolean)
      Parameters:
      name - The attribute name
      value - The attribute value
      Returns:
      true if the attribute should be excluded from distribution, otherwise false
    • fireSessionEvent

      public void fireSessionEvent(String type, Object data)
      Notify all session event listeners that a particular event has occurred for this Session. The default implementation performs this notification synchronously using the calling thread.
      Parameters:
      type - Event type
      data - Event data
    • keys

      protected String[] keys()
      Returns:
      the names of all currently defined session attributes as an array of Strings. If there are no defined attributes, a zero-length array is returned.
    • removeAttributeInternal

      protected void removeAttributeInternal(String name, boolean notify)
      Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

      After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

      Parameters:
      name - Name of the object to remove from this session.
      notify - Should we notify interested listeners that this attribute is being removed?