Package org.apache.catalina.session

Class StandardSession

  • All Implemented Interfaces:
    HttpSession, java.io.Serializable, Session
    Direct Known Subclasses:
    DeltaSession
    public class StandardSession
extends java.lang.Object
implements HttpSession, Session, java.io.Serializable
    Standard implementation of the Session interface. This object is serializable, so that it can be stored in persistent storage or transferred to a different JVM for distributable session support.

    IMPLEMENTATION NOTE: If you add fields to this class, you must make sure that you carry them over in the read/writeObject methods so that this class is properly serialized.

    See Also:
    Serialized Form

    • Field Summary

      Fields 
      Modifier and Type Field Description
      protected java.util.concurrent.atomic.AtomicInteger accessCount
      The access count for this session.
      protected boolean activityCheck
      The activity check for this session.
      protected java.util.concurrent.ConcurrentMap<java.lang.String,​java.lang.Object> attributes
      The collection of user data attributes associated with this Session.
      protected java.lang.String authType
      The authentication type used to authenticate our cached Principal, if any.
      protected long creationTime
      The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.
      protected static java.lang.String[] EMPTY_ARRAY
      Type array.
      protected boolean expiring
      We are currently processing a session expiration, so bypass certain IllegalStateException tests.
      protected StandardSessionFacade facade
      The facade associated with this session.
      protected java.lang.String id
      The session identifier of this Session.
      protected boolean isNew
      Flag indicating whether this session is new or not.
      protected boolean isValid
      Flag indicating whether this session is valid or not.
      protected boolean lastAccessAtStart
      The behavior of the last access check.
      protected long lastAccessedTime
      The last accessed time for this Session.
      protected java.util.ArrayList<SessionListener> listeners
      The session event listeners for this Session.
      protected Manager manager
      The Manager with which this Session is associated.
      protected int maxInactiveInterval
      The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session.
      protected java.util.Map<java.lang.String,​java.lang.Object> notes
      Internal notes associated with this session by Catalina components and event listeners.
      protected java.security.Principal principal
      The authenticated Principal associated with this session, if any.
      protected static StringManager sm
      The string manager for this package.
      protected java.beans.PropertyChangeSupport support
      The property change support for this component.
      protected long thisAccessedTime
      The current accessed time for this session.

    • Constructor Summary

      Constructors 
      Constructor Description
      StandardSession​(Manager manager)
      Construct a new Session associated with the specified Manager.

    • Method Summary

      All Methods Instance Methods Concrete Methods 
      Modifier and Type Method Description
      void access()
      Update the accessed time information for this session.
      void activate()
      Perform internal processing required to activate this session.
      void addSessionListener​(SessionListener listener)
      Add a session event listener to this component.
      protected void doReadObject​(java.io.ObjectInputStream stream)
      Read a serialized version of this session object from the specified object input stream.
      protected void doWriteObject​(java.io.ObjectOutputStream stream)
      Write a serialized version of this session object to the specified object output stream.
      void endAccess()
      End access to the session.
      protected boolean exclude​(java.lang.String name, java.lang.Object value)
      Should the given session attribute be excluded?
      void expire()
      Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
      void expire​(boolean notify)
      Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
      void fireSessionEvent​(java.lang.String type, java.lang.Object data)
      Notify all session event listeners that a particular event has occurred for this Session.
      java.lang.Object getAttribute​(java.lang.String name)
      Returns the object bound with the specified name in this session, or null if no object is bound under the name.
      java.util.Enumeration<java.lang.String> getAttributeNames()
      Returns an Enumeration of String objects containing the names of all the objects bound to this session.
      java.lang.String getAuthType()  
      long getCreationTime()
      Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
      long getCreationTimeInternal()  
      java.lang.String getId()
      Returns a string containing the unique identifier assigned to this session.
      java.lang.String getIdInternal()  
      long getIdleTime()  
      long getIdleTimeInternal()  
      long getLastAccessedTime()
      Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT, and marked by the time the container received the request.
      long getLastAccessedTimeInternal()  
      Manager getManager()  
      int getMaxInactiveInterval()
      Returns the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses.
      java.lang.Object getNote​(java.lang.String name)  
      java.util.Iterator<java.lang.String> getNoteNames()  
      java.security.Principal getPrincipal()  
      ServletContext getServletContext()
      Returns the ServletContext to which this session belongs.
      HttpSession getSession()  
      long getThisAccessedTime()  
      long getThisAccessedTimeInternal()  
      void invalidate()
      Invalidates this session then unbinds any objects bound to it.
      boolean isAttributeDistributable​(java.lang.String name, java.lang.Object value)
      Does the session implementation support the distributing of the given attribute?
      boolean isNew()
      Returns true if the client does not yet know about the session or if the client chooses not to join the session.
      boolean isValid()  
      protected boolean isValidInternal()  
      protected java.lang.String[] keys()  
      void passivate()
      Perform the internal processing required to passivate this session.
      void readObjectData​(java.io.ObjectInputStream stream)
      Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.
      void recycle()
      Release all object references, and initialize instance variables, in preparation for reuse of this object.
      void removeAttribute​(java.lang.String name)
      Removes the object bound with the specified name from this session.
      void removeAttribute​(java.lang.String name, boolean notify)
      Remove the object bound with the specified name from this session.
      protected void removeAttributeInternal​(java.lang.String name, boolean notify)
      Remove the object bound with the specified name from this session.
      void removeNote​(java.lang.String name)
      Remove any object bound to the specified name in the internal notes for this session.
      void removeSessionListener​(SessionListener listener)
      Remove a session event listener from this component.
      void setAttribute​(java.lang.String name, java.lang.Object value)
      Binds an object to this session, using the name specified.
      void setAttribute​(java.lang.String name, java.lang.Object value, boolean notify)
      Bind an object to this session, using the specified name.
      void setAuthType​(java.lang.String authType)
      Set the authentication type used to authenticate our cached Principal, if any.
      void setCreationTime​(long time)
      Set the creation time for this session.
      void setId​(java.lang.String id)
      Set the session identifier for this session and notifies any associated listeners that a new session has been created.
      void setId​(java.lang.String id, boolean notify)
      Set the session identifier for this session and optionally notifies any associated listeners that a new session has been created.
      void setManager​(Manager manager)
      Set the Manager within which this Session is valid.
      void setMaxInactiveInterval​(int interval)
      Specifies the time, in seconds, between client requests before the servlet container will invalidate this session.
      void setNew​(boolean isNew)
      Set the isNew flag for this session.
      void setNote​(java.lang.String name, java.lang.Object value)
      Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
      void setPrincipal​(java.security.Principal principal)
      Set the authenticated Principal that is associated with this Session.
      void setValid​(boolean isValid)
      Set the isValid flag for this session.
      void tellChangedSessionId​(java.lang.String newId, java.lang.String oldId, boolean notifySessionListeners, boolean notifyContainerListeners)
      Inform the listeners about the change session ID.
      void tellNew()
      Inform the listeners about the new session.
      java.lang.String toString()  
      void writeObjectData​(java.io.ObjectOutputStream stream)
      Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.

      • Methods inherited from class java.lang.Object

        clone, equals, finalize, getClass, hashCode, notify, notifyAll, wait, wait, wait

    • Field Detail

      • EMPTY_ARRAY

        protected static final java.lang.String[] EMPTY_ARRAY
        Type array.

      • attributes

        protected java.util.concurrent.ConcurrentMap<java.lang.String,​java.lang.Object> attributes
        The collection of user data attributes associated with this Session.

      • authType

        protected transient java.lang.String authType
        The authentication type used to authenticate our cached Principal, if any. NOTE: This value is not included in the serialized version of this object.

      • creationTime

        protected long creationTime
        The time this session was created, in milliseconds since midnight, January 1, 1970 GMT.

      • expiring

        protected transient volatile boolean expiring
        We are currently processing a session expiration, so bypass certain IllegalStateException tests. NOTE: This value is not included in the serialized version of this object.

      • facade

        protected transient StandardSessionFacade facade
        The facade associated with this session. NOTE: This value is not included in the serialized version of this object.

      • id

        protected java.lang.String id
        The session identifier of this Session.

      • lastAccessedTime

        protected volatile long lastAccessedTime
        The last accessed time for this Session.

      • listeners

        protected transient java.util.ArrayList<SessionListener> listeners
        The session event listeners for this Session.

      • manager

        protected transient Manager manager
        The Manager with which this Session is associated.

      • maxInactiveInterval

        protected volatile int maxInactiveInterval
        The maximum time interval, in seconds, between client requests before the servlet container may invalidate this session. A negative time indicates that the session should never time out.

      • isNew

        protected volatile boolean isNew
        Flag indicating whether this session is new or not.

      • isValid

        protected volatile boolean isValid
        Flag indicating whether this session is valid or not.

      • notes

        protected transient java.util.Map<java.lang.String,​java.lang.Object> notes
        Internal notes associated with this session by Catalina components and event listeners. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!

      • principal

        protected transient java.security.Principal principal
        The authenticated Principal associated with this session, if any. IMPLEMENTATION NOTE: This object is not saved and restored across session serializations!

      • sm

        protected static final StringManager sm
        The string manager for this package.

      • support

        protected final transient java.beans.PropertyChangeSupport support
        The property change support for this component. NOTE: This value is not included in the serialized version of this object.

      • thisAccessedTime

        protected volatile long thisAccessedTime
        The current accessed time for this session.

      • accessCount

        protected transient java.util.concurrent.atomic.AtomicInteger accessCount
        The access count for this session.

      • activityCheck

        protected transient boolean activityCheck
        The activity check for this session.

      • lastAccessAtStart

        protected transient boolean lastAccessAtStart
        The behavior of the last access check.

    • Constructor Detail

      • StandardSession

        public StandardSession​(Manager manager)
        Construct a new Session associated with the specified Manager.
        Parameters:
        manager - The manager with which this Session is associated

    • Method Detail

      • getAuthType

        public java.lang.String getAuthType()
        Specified by:
        getAuthType in interface Session
        Returns:
        the authentication type used to authenticate our cached Principal, if any.

      • setAuthType

        public void setAuthType​(java.lang.String authType)
        Description copied from interface: Session
        Set the authentication type used to authenticate our cached Principal, if any.
        Specified by:
        setAuthType in interface Session
        Parameters:
        authType - The new cached authentication type

      • setCreationTime

        public void setCreationTime​(long time)
        Description copied from interface: Session
        Set the creation time for this session. This method is called by the Manager when an existing Session instance is reused.
        Specified by:
        setCreationTime in interface Session
        Parameters:
        time - The new creation time

      • getId

        public java.lang.String getId()
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns a string containing the unique identifier assigned to this session. The identifier is assigned by the servlet container and is implementation dependent.
        Specified by:
        getId in interface HttpSession
        Specified by:
        getId in interface Session
        Returns:
        a string specifying the identifier assigned to this session

      • getIdInternal

        public java.lang.String getIdInternal()
        Specified by:
        getIdInternal in interface Session
        Returns:
        the session identifier for this session.

      • setId

        public void setId​(java.lang.String id)
        Description copied from interface: Session
        Set the session identifier for this session and notifies any associated listeners that a new session has been created.
        Specified by:
        setId in interface Session
        Parameters:
        id - The new session identifier

      • setId

        public void setId​(java.lang.String id,
                  boolean notify)
        Description copied from interface: Session
        Set the session identifier for this session and optionally notifies any associated listeners that a new session has been created.
        Specified by:
        setId in interface Session
        Parameters:
        id - The new session identifier
        notify - Should any associated listeners be notified that a new session has been created?

      • tellNew

        public void tellNew()
        Inform the listeners about the new session.

      • tellChangedSessionId

        public void tellChangedSessionId​(java.lang.String newId,
                                 java.lang.String oldId,
                                 boolean notifySessionListeners,
                                 boolean notifyContainerListeners)
        Description copied from interface: Session
        Inform the listeners about the change session ID.
        Specified by:
        tellChangedSessionId in interface Session
        Parameters:
        newId - new session ID
        oldId - old session ID
        notifySessionListeners - Should any associated sessionListeners be notified that session ID has been changed?
        notifyContainerListeners - Should any associated ContainerListeners be notified that session ID has been changed?

      • getThisAccessedTime

        public long getThisAccessedTime()
        Specified by:
        getThisAccessedTime in interface Session
        Returns:
        the last time the client sent a request associated with this session, as the number of milliseconds since midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time. This one gets updated whenever a request starts.

      • getLastAccessedTime

        public long getLastAccessedTime()
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns the last time the client sent a request associated with this session, as the number of milliseconds since midnight January 1, 1970 GMT, and marked by the time the container received the request.

        Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time.

        Specified by:
        getLastAccessedTime in interface HttpSession
        Specified by:
        getLastAccessedTime in interface Session
        Returns:
        a long representing the last time the client sent a request associated with this session, expressed in milliseconds since 1/1/1970 GMT

      • getIdleTime

        public long getIdleTime()
        Specified by:
        getIdleTime in interface Session
        Returns:
        the idle time (in milliseconds) from last client access time.

      • getManager

        public Manager getManager()
        Specified by:
        getManager in interface Session
        Returns:
        the Manager within which this Session is valid.

      • setManager

        public void setManager​(Manager manager)
        Description copied from interface: Session
        Set the Manager within which this Session is valid.
        Specified by:
        setManager in interface Session
        Parameters:
        manager - The new Manager

      • getMaxInactiveInterval

        public int getMaxInactiveInterval()
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns the maximum time interval, in seconds, that the servlet container will keep this session open between client accesses. After this interval, the servlet container will invalidate the session. The maximum time interval can be set with the setMaxInactiveInterval method. A zero or negative time indicates that the session should never timeout.
        Specified by:
        getMaxInactiveInterval in interface HttpSession
        Specified by:
        getMaxInactiveInterval in interface Session
        Returns:
        an integer specifying the number of seconds this session remains open between client requests
        See Also:
        HttpSession.setMaxInactiveInterval(int)

      • setMaxInactiveInterval

        public void setMaxInactiveInterval​(int interval)
        Description copied from interface: jakarta.servlet.http.HttpSession
        Specifies the time, in seconds, between client requests before the servlet container will invalidate this session. A zero or negative time indicates that the session should never timeout.
        Specified by:
        setMaxInactiveInterval in interface HttpSession
        Specified by:
        setMaxInactiveInterval in interface Session
        Parameters:
        interval - An integer specifying the number of seconds

      • setNew

        public void setNew​(boolean isNew)
        Description copied from interface: Session
        Set the isNew flag for this session.
        Specified by:
        setNew in interface Session
        Parameters:
        isNew - The new value for the isNew flag

      • getPrincipal

        public java.security.Principal getPrincipal()
        Specified by:
        getPrincipal in interface Session
        Returns:
        the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request. If there is no current associated Principal, return null.

      • setPrincipal

        public void setPrincipal​(java.security.Principal principal)
        Description copied from interface: Session
        Set the authenticated Principal that is associated with this Session. This provides an Authenticator with a means to cache a previously authenticated Principal, and avoid potentially expensive Realm.authenticate() calls on every request.
        Specified by:
        setPrincipal in interface Session
        Parameters:
        principal - The new Principal, or null if none

      • getSession

        public HttpSession getSession()
        Specified by:
        getSession in interface Session
        Returns:
        the HttpSession for which this object is the facade.

      • isValid

        public boolean isValid()
        Specified by:
        isValid in interface Session
        Returns:
        true if the session is still valid

      • setValid

        public void setValid​(boolean isValid)
        Description copied from interface: Session
        Set the isValid flag for this session.
        Specified by:
        setValid in interface Session
        Parameters:
        isValid - The new value for the isValid flag

      • access

        public void access()
        Description copied from interface: Session
        Update the accessed time information for this session. This method should be called by the context when a request comes in for a particular session, even if the application does not reference it.
        Specified by:
        access in interface Session

      • endAccess

        public void endAccess()
        Description copied from interface: Session
        End access to the session.
        Specified by:
        endAccess in interface Session

      • addSessionListener

        public void addSessionListener​(SessionListener listener)
        Description copied from interface: Session
        Add a session event listener to this component.
        Specified by:
        addSessionListener in interface Session
        Parameters:
        listener - the SessionListener instance that should be notified for session events

      • expire

        public void expire()
        Description copied from interface: Session
        Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
        Specified by:
        expire in interface Session

      • expire

        public void expire​(boolean notify)
        Perform the internal processing required to invalidate this session, without triggering an exception if the session has already expired.
        Parameters:
        notify - Should we notify listeners about the demise of this session?

      • passivate

        public void passivate()
        Perform the internal processing required to passivate this session.

      • activate

        public void activate()
        Perform internal processing required to activate this session.

      • getNote

        public java.lang.Object getNote​(java.lang.String name)
        Specified by:
        getNote in interface Session
        Parameters:
        name - Name of the note to be returned
        Returns:
        the object bound with the specified name to the internal notes for this session, or null if no such binding exists.

      • getNoteNames

        public java.util.Iterator<java.lang.String> getNoteNames()
        Specified by:
        getNoteNames in interface Session
        Returns:
        an Iterator containing the String names of all notes bindings that exist for this session.

      • recycle

        public void recycle()
        Description copied from interface: Session
        Release all object references, and initialize instance variables, in preparation for reuse of this object.
        Specified by:
        recycle in interface Session

      • removeNote

        public void removeNote​(java.lang.String name)
        Description copied from interface: Session
        Remove any object bound to the specified name in the internal notes for this session.
        Specified by:
        removeNote in interface Session
        Parameters:
        name - Name of the note to be removed

      • removeSessionListener

        public void removeSessionListener​(SessionListener listener)
        Description copied from interface: Session
        Remove a session event listener from this component.
        Specified by:
        removeSessionListener in interface Session
        Parameters:
        listener - remove the session listener, which will no longer be notified

      • setNote

        public void setNote​(java.lang.String name,
                    java.lang.Object value)
        Description copied from interface: Session
        Bind an object to a specified name in the internal notes associated with this session, replacing any existing binding for this name.
        Specified by:
        setNote in interface Session
        Parameters:
        name - Name to which the object should be bound
        value - Object to be bound to the specified name

      • toString

        public java.lang.String toString()
        Overrides:
        toString in class java.lang.Object

      • readObjectData

        public void readObjectData​(java.io.ObjectInputStream stream)
                    throws java.lang.ClassNotFoundException,
                           java.io.IOException
        Read a serialized version of the contents of this session object from the specified object input stream, without requiring that the StandardSession itself have been serialized.
        Parameters:
        stream - The object input stream to read from
        Throws:
        java.lang.ClassNotFoundException - if an unknown class is specified
        java.io.IOException - if an input/output error occurs

      • writeObjectData

        public void writeObjectData​(java.io.ObjectOutputStream stream)
                     throws java.io.IOException
        Write a serialized version of the contents of this session object to the specified object output stream, without requiring that the StandardSession itself have been serialized.
        Parameters:
        stream - The object output stream to write to
        Throws:
        java.io.IOException - if an input/output error occurs

      • getCreationTime

        public long getCreationTime()
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns the time when this session was created, measured in milliseconds since midnight January 1, 1970 GMT.
        Specified by:
        getCreationTime in interface HttpSession
        Specified by:
        getCreationTime in interface Session
        Returns:
        a long specifying when this session was created, expressed in milliseconds since 1/1/1970 GMT

      • getCreationTimeInternal

        public long getCreationTimeInternal()
        Specified by:
        getCreationTimeInternal in interface Session
        Returns:
        the creation time for this session, bypassing the session validity checks.

      • getAttribute

        public java.lang.Object getAttribute​(java.lang.String name)
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns the object bound with the specified name in this session, or null if no object is bound under the name.
        Specified by:
        getAttribute in interface HttpSession
        Parameters:
        name - a string specifying the name of the object
        Returns:
        the object with the specified name

      • getAttributeNames

        public java.util.Enumeration<java.lang.String> getAttributeNames()
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns an Enumeration of String objects containing the names of all the objects bound to this session.
        Specified by:
        getAttributeNames in interface HttpSession
        Returns:
        an Enumeration of String objects specifying the names of all the objects bound to this session

      • isNew

        public boolean isNew()
        Description copied from interface: jakarta.servlet.http.HttpSession
        Returns true if the client does not yet know about the session or if the client chooses not to join the session. For example, if the server used only cookie-based sessions, and the client had disabled the use of cookies, then a session would be new on each request.
        Specified by:
        isNew in interface HttpSession
        Returns:
        true if the server has created a session, but the client has not yet joined

      • removeAttribute

        public void removeAttribute​(java.lang.String name)
        Description copied from interface: jakarta.servlet.http.HttpSession
        Removes the object bound with the specified name from this session. If the session does not have an object bound with the specified name, this method does nothing.

        After this method executes, and if the object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueUnbound. The container then notifies any HttpSessionAttributeListeners in the web application.

        Specified by:
        removeAttribute in interface HttpSession
        Parameters:
        name - the name of the object to remove from this session

      • removeAttribute

        public void removeAttribute​(java.lang.String name,
                            boolean notify)
        Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

        After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

        Parameters:
        name - Name of the object to remove from this session.
        notify - Should we notify interested listeners that this attribute is being removed?
        Throws:
        java.lang.IllegalStateException - if this method is called on an invalidated session

      • setAttribute

        public void setAttribute​(java.lang.String name,
                         java.lang.Object value)
        Description copied from interface: jakarta.servlet.http.HttpSession
        Binds an object to this session, using the name specified. If an object of the same name is already bound to the session, the object is replaced.

        After this method executes, and if the new object implements HttpSessionBindingListener, the container calls HttpSessionBindingListener.valueBound. The container then notifies any HttpSessionAttributeListeners in the web application.

        If an object was already bound to this session of this name that implements HttpSessionBindingListener, its HttpSessionBindingListener.valueUnbound method is called.

        If the value passed in is null, this has the same effect as calling removeAttribute().

        Specified by:
        setAttribute in interface HttpSession
        Parameters:
        name - the name to which the object is bound; cannot be null
        value - the object to be bound

      • setAttribute

        public void setAttribute​(java.lang.String name,
                         java.lang.Object value,
                         boolean notify)
        Bind an object to this session, using the specified name. If an object of the same name is already bound to this session, the object is replaced.

        After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueBound() on the object.

        Parameters:
        name - Name to which the object is bound, cannot be null
        value - Object to be bound, cannot be null
        notify - whether to notify session listeners
        Throws:
        java.lang.IllegalArgumentException - if an attempt is made to add a non-serializable object in an environment marked distributable.
        java.lang.IllegalStateException - if this method is called on an invalidated session

      • isValidInternal

        protected boolean isValidInternal()
        Returns:
        the isValid flag for this session without any expiration check.

      • isAttributeDistributable

        public boolean isAttributeDistributable​(java.lang.String name,
                                        java.lang.Object value)
        Does the session implementation support the distributing of the given attribute? If the Manager is marked as distributable, then this method must be used to check attributes before adding them to a session and an IllegalArgumentException thrown if the proposed attribute is not distributable.

        Note that the Manager implementation may further restrict which attributes are distributed but a Manager level restriction should not trigger an IllegalArgumentException in HttpSession.setAttribute(String, Object)

        This implementation simply checks the value for serializability. Subclasses might use other distribution technology not based on serialization and can override this check.

        Specified by:
        isAttributeDistributable in interface Session
        Parameters:
        name - The attribute name
        value - The attribute value
        Returns:
        true if distribution is supported, otherwise false

      • doReadObject

        protected void doReadObject​(java.io.ObjectInputStream stream)
                     throws java.lang.ClassNotFoundException,
                            java.io.IOException
        Read a serialized version of this session object from the specified object input stream.

        IMPLEMENTATION NOTE: The reference to the owning Manager is not restored by this method, and must be set explicitly.

        Parameters:
        stream - The input stream to read from
        Throws:
        java.lang.ClassNotFoundException - if an unknown class is specified
        java.io.IOException - if an input/output error occurs

      • doWriteObject

        protected void doWriteObject​(java.io.ObjectOutputStream stream)
                      throws java.io.IOException
        Write a serialized version of this session object to the specified object output stream.

        IMPLEMENTATION NOTE: The owning Manager will not be stored in the serialized representation of this Session. After calling readObject(), you must set the associated Manager explicitly.

        IMPLEMENTATION NOTE: Any attribute that is not Serializable will be unbound from the session, with appropriate actions if it implements HttpSessionBindingListener. If you do not want any such attributes, be sure the distributable property of the associated Manager is set to true.

        Parameters:
        stream - The output stream to write to
        Throws:
        java.io.IOException - if an input/output error occurs

      • fireSessionEvent

        public void fireSessionEvent​(java.lang.String type,
                             java.lang.Object data)
        Notify all session event listeners that a particular event has occurred for this Session. The default implementation performs this notification synchronously using the calling thread.
        Parameters:
        type - Event type
        data - Event data

      • keys

        protected java.lang.String[] keys()
        Returns:
        the names of all currently defined session attributes as an array of Strings. If there are no defined attributes, a zero-length array is returned.

      • removeAttributeInternal

        protected void removeAttributeInternal​(java.lang.String name,
                                       boolean notify)
        Remove the object bound with the specified name from this session. If the session does not have an object bound with this name, this method does nothing.

        After this method executes, and if the object implements HttpSessionBindingListener, the container calls valueUnbound() on the object.

        Parameters:
        name - Name of the object to remove from this session.
        notify - Should we notify interested listeners that this attribute is being removed?