All Packages Class Hierarchy This Package Previous Next Index
Interface javax.servlet.http.HttpSession
- public interface HttpSession
The HttpSession interface is implemented by services to provide an
association
between an HTTP client and HTTP server. This association, or
session,
persists over multiple connections and/or requests during a given
time period.
Sessions are used to
maintain state and user identity across multiple page requests.
A session can be maintained either by using cookies or by URL
rewriting. To expose whether the client supports
cookies, HttpSession
defines an isCookieSupportDetermined method and an isUsingCookies method.
HttpSession defines methods which store these types of data:
- Standard session properties, such as an identifier for the session,
and the context for the session.
- Application layer data, accessed using this interface
and stored using a dictionary-like interface.
The following code snippet illustrates getting and setting the the
session data value.
//Get the session object - "request" represents the HTTP servlet request
HttpSession session = request.getSession(true);
//Get the session data value - an Integer object is read from
//the session, incremented, then written back to the session.
//sessiontest.counter identifies values in the session
Integer ival = (Integer) session.getValue("sessiontest.counter");
if (ival==null)
ival = new Integer(1);
else
ival = new Integer(ival.intValue() + 1);
session.putValue("sessiontest.counter", ival);
When an application layer stores or removes data from the
session, the session layer checks whether the object implements
HttpSessionBindingListener. If it does, then the object is notified
that it has been bound or unbound from the session.
An implementation of HttpSession represents the server's view
of the session. The server considers a session to be new until
it has been joined by the
client. Until the client joins the session, the isNew method
returns true. A value of true can indicate one of these three cases:
- the client does not yet know about the session
- the session has not yet begun
- the client chooses not to join the session. This case will occur
if the client supports
only cookies and chooses to reject any cookies sent by the server.
If the server supports URL rewriting, this case will not commonly occur.
It is the responsibility of developers
to design their applications to account for situations where a client
has not joined a session. For example, in the following code
snippet isNew is called to determine whether a session is new. If it
is, the server will require the client to start a session by directing
the client to a welcome page welcomeURL where
a user might be required to enter some information and send it to the
server before gaining access to
subsequent pages.
//Get the session object - "request" represents the HTTP servlet request
HttpSession session = request.getSession(true);
//insist that the client starts a session
//before access to data is allowed
//"response" represents the HTTP servlet response
if (session.isNew()) {
response.sendRedirect (welcomeURL);
}
- See Also:
- HttpSessionBindingListener, HttpSessionContext
-
getCreationTime()
- Returns the time at which this session representation was created,
in milliseconds since midnight, January 1, 1970 UTC.
-
getId()
- Returns the identifier assigned to this session.
-
getLastAccessedTime()
- Returns the last time the client sent a request carrying the identifier
assigned to the session.
-
getSessionContext()
- Returns the context in which this session is bound.
-
getValue(String)
- Returns the object bound to the given name in the session's
application layer data.
-
getValueNames()
- Returns an array of the names of all the application layer
data objects bound into the session.
-
invalidate()
- Causes this representation of the session to be invalidated and removed
from its context.
-
isNew()
- A session is considered to be "new" if it has been created by the server,
but the client has not yet acknowledged joining the session.
-
putValue(String, Object)
- Binds the specified object into the session's application layer data
with the given name.
-
removeValue(String)
- Removes the object bound to the given name in the session's
application layer data.
getId
public abstract String getId()
- Returns the identifier assigned to this session. An HttpSession's
identifier is a unique string that is created and maintained by
HttpSessionContext.
- Returns:
- the identifier assigned to this session
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
getSessionContext
public abstract HttpSessionContext getSessionContext()
- Returns the context in which this session is bound.
- Returns:
- the name of the context in which this session is bound
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
getCreationTime
public abstract long getCreationTime()
- Returns the time at which this session representation was created,
in milliseconds since midnight, January 1, 1970 UTC.
- Returns:
- the time when the session was created
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
getLastAccessedTime
public abstract long getLastAccessedTime()
- Returns the last time the client sent a request carrying the identifier
assigned to the session. Time is expressed
as milliseconds since midnight, January 1,
1970 UTC.
Application level operations, such as getting or setting a value
associated with the session, does not affect the access time.
This information is particularly useful in session management
policies. For example,
- a session manager could leave all sessions
which have not been used in a long time
in a given context.
- the sessions can be sorted according to age to optimize some task.
- Returns:
- the last time the client sent a request carrying the identifier
assigned to the session
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
invalidate
public abstract void invalidate()
- Causes this representation of the session to be invalidated and removed
from its context.
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
putValue
public abstract void putValue(String name,
Object value)
- Binds the specified object into the session's application layer data
with the given name. Any existing binding with the same name is
replaced. New (or existing) values that implement the
HttpSessionBindingListener interface will call its
valueBound() method.
- Parameters:
- name - the name to which the data object will be bound. This
parameter cannot be null.
- value - the data object to be bound. This parameter cannot be null.
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
getValue
public abstract Object getValue(String name)
- Returns the object bound to the given name in the session's
application layer data. Returns null if there is no such binding.
- Parameters:
- name - the name of the binding to find
- Returns:
- the value bound to that name, or null if the binding does
not exist.
- Throws: IllegalStateException
- if an attempt is made to access
HttpSession's session data after it has been invalidated
removeValue
public abstract void removeValue(String name)
- Removes the object bound to the given name in the session's
application layer data. Does nothing if there is no object
bound to the given name. The value that implements the
HttpSessionBindingListener interface will call its
valueUnbound() method.
- Parameters:
- name - the name of the object to remove
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
getValueNames
public abstract String[] getValueNames()
- Returns an array of the names of all the application layer
data objects bound into the session. For example, if you want to delete
all of the data objects bound into the session, use this method to
obtain their names.
- Returns:
- an array containing the names of all of the application layer
data objects bound into the session
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
isNew
public abstract boolean isNew()
- A session is considered to be "new" if it has been created by the server,
but the client has not yet acknowledged joining the session. For example,
if the server supported only cookie-based sessions and the client had
completely disabled the use of cookies, then calls to
HttpServletRequest.getSession() would
always return "new" sessions.
- Returns:
- true if the session has been created by the server but the
client has not yet acknowledged joining the session; false otherwise
- Throws: IllegalStateException
- if an attempt is made to access
session data after the session has been invalidated
All Packages Class Hierarchy This Package Previous Next Index