public class StandardSession extends Object implements HttpSession, Session, Serializable
 IMPLEMENTATION NOTE:  An instance of this class represents both the
 internal (Session) and application level (HttpSession) view of the session.
 However, because the class itself is not declared public, Java logic outside
 of the org.apache.catalina.session package cannot cast an
 HttpSession view of this instance back to a Session view.
 
IMPLEMENTATION NOTE: If you add fields to this class, you must make sure that you carry them over in the read/writeObject methods so that this class is properly serialized.
| Modifier and Type | Field and Description | 
|---|---|
| protected AtomicInteger | accessCountThe access count for this session. | 
| protected static boolean | ACTIVITY_CHECK | 
| protected ConcurrentMap<String,Object> | attributesThe collection of user data attributes associated with this Session. | 
| protected String | authTypeThe authentication type used to authenticate our cached Principal,
 if any. | 
| protected long | creationTimeThe time this session was created, in milliseconds since midnight,
 January 1, 1970 GMT. | 
| protected static String[] | EMPTY_ARRAYType array. | 
| protected static String[] | excludedAttributesDeprecated. 
 Use  Constants.excludedAttributeNamesinstead. Will be
             removed in Tomcat 9. | 
| protected boolean | expiringWe are currently processing a session expiration, so bypass
 certain IllegalStateException tests. | 
| protected StandardSessionFacade | facadeThe facade associated with this session. | 
| protected String | idThe session identifier of this Session. | 
| protected static String | infoDescriptive information describing this Session implementation. | 
| protected boolean | isNewFlag indicating whether this session is new or not. | 
| protected boolean | isValidFlag indicating whether this session is valid or not. | 
| protected static boolean | LAST_ACCESS_AT_START | 
| protected long | lastAccessedTimeThe last accessed time for this Session. | 
| protected ArrayList<SessionListener> | listenersThe session event listeners for this Session. | 
| protected Manager | managerThe Manager with which this Session is associated. | 
| protected int | maxInactiveIntervalThe maximum time interval, in seconds, between client requests before
 the servlet container may invalidate this session. | 
| protected Map<String,Object> | notesInternal notes associated with this session by Catalina components
 and event listeners. | 
| protected Principal | principalThe authenticated Principal associated with this session, if any. | 
| protected static HttpSessionContext | sessionContextDeprecated.  | 
| protected static StringManager | smThe string manager for this package. | 
| protected static boolean | STRICT_SERVLET_COMPLIANCE | 
| protected PropertyChangeSupport | supportThe property change support for this component. | 
| protected long | thisAccessedTimeThe current accessed time for this session. | 
SESSION_ACTIVATED_EVENT, SESSION_CREATED_EVENT, SESSION_DESTROYED_EVENT, SESSION_PASSIVATED_EVENT| Constructor and Description | 
|---|
| StandardSession(Manager manager)Construct a new Session associated with the specified Manager. | 
| Modifier and Type | Method and Description | 
|---|---|
| void | access()Update the accessed time information for this session. | 
| void | activate()Perform internal processing required to activate this
 session. | 
| void | addSessionListener(SessionListener listener)Add a session event listener to this component. | 
| void | endAccess()End the access. | 
| protected boolean | exclude(String name)Deprecated. 
 Use  exclude(String, Object). Will be removed in
             Tomcat 9.0.x. | 
| protected boolean | exclude(String name,
       Object value)Should the given session attribute be excluded? | 
| void | expire()Perform the internal processing required to invalidate this session,
 without triggering an exception if the session has already expired. | 
| void | expire(boolean notify)Perform the internal processing required to invalidate this session,
 without triggering an exception if the session has already expired. | 
| protected void | fireContainerEvent(Context context,
                  String type,
                  Object data)Deprecated. 
 No longer necessary since  StandardContextimplements
              theContainerinterface. | 
| void | fireSessionEvent(String type,
                Object data)Notify all session event listeners that a particular event has
 occurred for this Session. | 
| Object | getAttribute(String name)Return the object bound with the specified name in this session, or
  nullif no object is bound with that name. | 
| Enumeration<String> | getAttributeNames()Return an  EnumerationofStringobjects
 containing the names of the objects bound to this session. | 
| String | getAuthType()Return the authentication type used to authenticate our cached
 Principal, if any. | 
| long | getCreationTime()Return the time when this session was created, in milliseconds since
 midnight, January 1, 1970 GMT. | 
| long | getCreationTimeInternal()Return the time when this session was created, in milliseconds since
 midnight, January 1, 1970 GMT, bypassing the session validation checks. | 
| String | getId()Return the session identifier for this session. | 
| String | getIdInternal()Return the session identifier for this session. | 
| String | getInfo()Return descriptive information about this Session implementation and
 the corresponding version number, in the format
  <description>/<version>. | 
| long | getLastAccessedTime()Return the last time the client sent a request associated with this
 session, as the number of milliseconds since midnight, January 1, 1970
 GMT. | 
| long | getLastAccessedTimeInternal()Return the last client access time without invalidation check | 
| Manager | getManager()Return the Manager within which this Session is valid. | 
| int | getMaxInactiveInterval()Return the maximum time interval, in seconds, between client requests
 before the servlet container will invalidate the session. | 
| Object | getNote(String name)Return the object bound with the specified name to the internal notes
 for this session, or  nullif no such binding exists. | 
| Iterator<String> | getNoteNames()Return an Iterator containing the String names of all notes bindings
 that exist for this session. | 
| Principal | getPrincipal()Return the authenticated Principal that is associated with this Session. | 
| ServletContext | getServletContext()Return the ServletContext to which this session belongs. | 
| HttpSession | getSession()Return the  HttpSessionfor which this object
 is the facade. | 
| HttpSessionContext | getSessionContext()Deprecated. 
 As of Version 2.1, this method is deprecated and has no
  replacement.  It will be removed in a future version of the
  Java Servlet API. | 
| long | getThisAccessedTime()Return the last time the client sent a request associated with this
 session, as the number of milliseconds since midnight, January 1, 1970
 GMT. | 
| long | getThisAccessedTimeInternal()Return the last client access time without invalidation check | 
| Object | getValue(String name)Deprecated. 
 As of Version 2.2, this method is replaced by
   getAttribute() | 
| String[] | getValueNames()Deprecated. 
 As of Version 2.2, this method is replaced by
   getAttributeNames() | 
| void | invalidate()Invalidates this session and unbinds any objects bound to it. | 
| boolean | isAttributeDistributable(String name,
                        Object value)Does the session implementation support the distributing of the given
 attribute? | 
| boolean | isNew()Return  trueif the client does not yet know about the
 session, or if the client chooses not to join the session. | 
| boolean | isValid()Return the  isValidflag for this session. | 
| protected boolean | isValidInternal()Return the  isValidflag for this session without any expiration
 check. | 
| protected String[] | keys()Return the names of all currently defined session attributes
 as an array of Strings. | 
| void | passivate()Perform the internal processing required to passivate
 this session. | 
| void | putValue(String name,
        Object value)Deprecated. 
 As of Version 2.2, this method is replaced by
   setAttribute() | 
| protected void | readObject(ObjectInputStream stream)Read a serialized version of this session object from the specified
 object input stream. | 
| void | readObjectData(ObjectInputStream stream)Read a serialized version of the contents of this session object from
 the specified object input stream, without requiring that the
 StandardSession itself have been serialized. | 
| void | recycle()Release all object references, and initialize instance variables, in
 preparation for reuse of this object. | 
| void | removeAttribute(String name)Remove the object bound with the specified name from this session. | 
| void | removeAttribute(String name,
               boolean notify)Remove the object bound with the specified name from this session. | 
| protected void | removeAttributeInternal(String name,
                       boolean notify)Remove the object bound with the specified name from this session. | 
| void | removeNote(String name)Remove any object bound to the specified name in the internal notes
 for this session. | 
| void | removeSessionListener(SessionListener listener)Remove a session event listener from this component. | 
| void | removeValue(String name)Deprecated. 
 As of Version 2.2, this method is replaced by
   removeAttribute() | 
| void | setAttribute(String name,
            Object value)Bind an object to this session, using the specified name. | 
| void | setAttribute(String name,
            Object value,
            boolean notify)Bind an object to this session, using the specified name. | 
| void | setAuthType(String authType)Set the authentication type used to authenticate our cached
 Principal, if any. | 
| void | setCreationTime(long time)Set the creation time for this session. | 
| void | setId(String id)Set the session identifier for this session. | 
| void | setId(String id,
     boolean notify)Set the session identifier for this session and optionally notifies any
 associated listeners that a new session has been created. | 
| void | setManager(Manager manager)Set the Manager within which this Session is valid. | 
| void | setMaxInactiveInterval(int interval)Set the maximum time interval, in seconds, between client requests
 before the servlet container will invalidate the session. | 
| void | setNew(boolean isNew)Set the  isNewflag for this session. | 
| void | setNote(String name,
       Object value)Bind an object to a specified name in the internal notes associated
 with this session, replacing any existing binding for this name. | 
| void | setPrincipal(Principal principal)Set the authenticated Principal that is associated with this Session. | 
| void | setValid(boolean isValid)Set the  isValidflag for this session. | 
| void | tellNew()Inform the listeners about the new session. | 
| String | toString()Return a string representation of this object. | 
| protected void | writeObject(ObjectOutputStream stream)Write a serialized version of this session object to the specified
 object output stream. | 
| void | writeObjectData(ObjectOutputStream stream)Write a serialized version of the contents of this session object to
 the specified object output stream, without requiring that the
 StandardSession itself have been serialized. | 
protected static final boolean STRICT_SERVLET_COMPLIANCE
protected static final boolean ACTIVITY_CHECK
protected static final boolean LAST_ACCESS_AT_START
protected static final String[] EMPTY_ARRAY
protected ConcurrentMap<String,Object> attributes
protected transient String authType
protected long creationTime
@Deprecated protected static final String[] excludedAttributes
Constants.excludedAttributeNames instead. Will be
             removed in Tomcat 9.protected transient volatile boolean expiring
protected transient StandardSessionFacade facade
protected String id
protected static final String info
protected volatile long lastAccessedTime
protected transient ArrayList<SessionListener> listeners
protected transient Manager manager
protected int maxInactiveInterval
protected boolean isNew
protected volatile boolean isValid
protected transient Map<String,Object> notes
protected transient Principal principal
protected static final StringManager sm
@Deprecated protected static volatile HttpSessionContext sessionContext
protected transient PropertyChangeSupport support
protected volatile long thisAccessedTime
protected transient AtomicInteger accessCount
public StandardSession(Manager manager)
manager - The manager with which this Session is associatedpublic String getAuthType()
getAuthType in interface Sessionpublic void setAuthType(String authType)
setAuthType in interface SessionauthType - The new cached authentication typepublic void setCreationTime(long time)
setCreationTime in interface Sessiontime - The new creation timepublic String getId()
getId in interface HttpSessiongetId in interface Sessionpublic String getIdInternal()
getIdInternal in interface Sessionpublic void setId(String id)
public void setId(String id, boolean notify)
public void tellNew()
public String getInfo()
<description>/<version>.public long getThisAccessedTime()
getThisAccessedTime in interface Sessionpublic long getThisAccessedTimeInternal()
getThisAccessedTimeInternal in interface SessiongetThisAccessedTime()public long getLastAccessedTime()
getLastAccessedTime in interface HttpSessiongetLastAccessedTime in interface Sessionlong representing the last time the client sent a
         request associated with this session, expressed in milliseconds
         since 1/1/1970 GMTpublic long getLastAccessedTimeInternal()
getLastAccessedTimeInternal in interface SessiongetLastAccessedTime()public Manager getManager()
getManager in interface Sessionpublic void setManager(Manager manager)
setManager in interface Sessionmanager - The new Managerpublic int getMaxInactiveInterval()
getMaxInactiveInterval in interface HttpSessiongetMaxInactiveInterval in interface SessionHttpSession.setMaxInactiveInterval(int)public void setMaxInactiveInterval(int interval)
setMaxInactiveInterval in interface HttpSessionsetMaxInactiveInterval in interface Sessioninterval - The new maximum intervalpublic void setNew(boolean isNew)
isNew flag for this session.public Principal getPrincipal()
Authenticator with a means to cache a
 previously authenticated Principal, and avoid potentially expensive
 Realm.authenticate() calls on every request.  If there
 is no current associated Principal, return null.getPrincipal in interface SessionAuthenticator with a means to cache a
 previously authenticated Principal, and avoid potentially expensive
 Realm.authenticate() calls on every request.  If there
 is no current associated Principal, return null.public void setPrincipal(Principal principal)
Authenticator with a means to cache a
 previously authenticated Principal, and avoid potentially expensive
 Realm.authenticate() calls on every request.setPrincipal in interface Sessionprincipal - The new Principal, or null if nonepublic HttpSession getSession()
HttpSession for which this object
 is the facade.getSession in interface SessionHttpSession for which this object
 is the facade.public boolean isValid()
isValid flag for this session.public void setValid(boolean isValid)
isValid flag for this session.public void access()
public void addSessionListener(SessionListener listener)
addSessionListener in interface Sessionlistener - the SessionListener instance that should be notified
   for session eventspublic void expire()
public void expire(boolean notify)
notify - Should we notify listeners about the demise of
  this session?public void passivate()
public void activate()
public Object getNote(String name)
null if no such binding exists.public Iterator<String> getNoteNames()
getNoteNames in interface Sessionpublic void recycle()
public void removeNote(String name)
removeNote in interface Sessionname - Name of the note to be removedpublic void removeSessionListener(SessionListener listener)
removeSessionListener in interface Sessionlistener - remove the session listener, which will no longer be
     notifiedpublic void setNote(String name, Object value)
public String toString()
public void readObjectData(ObjectInputStream stream) throws ClassNotFoundException, IOException
stream - The object input stream to read fromClassNotFoundException - if an unknown class is specifiedIOException - if an input/output error occurspublic void writeObjectData(ObjectOutputStream stream) throws IOException
stream - The object output stream to write toIOException - if an input/output error occurspublic long getCreationTime()
getCreationTime in interface HttpSessiongetCreationTime in interface Sessionlong specifying when this session was created,
         expressed in milliseconds since 1/1/1970 GMTIllegalStateException - if this method is called on an
  invalidated sessionpublic long getCreationTimeInternal()
getCreationTimeInternal in interface Sessionpublic ServletContext getServletContext()
getServletContext in interface HttpSession@Deprecated public HttpSessionContext getSessionContext()
getSessionContext in interface HttpSessionpublic Object getAttribute(String name)
null if no object is bound with that name.getAttribute in interface HttpSessionname - Name of the attribute to be returnedIllegalStateException - if this method is called on an
  invalidated sessionpublic Enumeration<String> getAttributeNames()
Enumeration of String objects
 containing the names of the objects bound to this session.getAttributeNames in interface HttpSessionEnumeration of String objects
         specifying the names of all the objects bound to this sessionIllegalStateException - if this method is called on an
  invalidated session@Deprecated public Object getValue(String name)
getAttribute()null if no object is bound with that name.getValue in interface HttpSessionname - Name of the value to be returnedIllegalStateException - if this method is called on an
  invalidated session@Deprecated public String[] getValueNames()
getAttributeNames()getValueNames in interface HttpSessionString objects specifying the names of
         all the objects bound to this sessionIllegalStateException - if this method is called on an
  invalidated sessionpublic void invalidate()
invalidate in interface HttpSessionIllegalStateException - if this method is called on
  an invalidated sessionpublic boolean isNew()
true if the client does not yet know about the
 session, or if the client chooses not to join the session.  For
 example, if the server used only cookie-based sessions, and the client
 has disabled the use of cookies, then a session would be new on each
 request.isNew in interface HttpSessiontrue if the server has created a session, but the
         client has not yet joinedIllegalStateException - if this method is called on an
  invalidated session@Deprecated public void putValue(String name, Object value)
setAttribute()
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueBound() on the object.
putValue in interface HttpSessionname - Name to which the object is bound, cannot be nullvalue - Object to be bound, cannot be nullIllegalStateException - if this method is called on an
  invalidated sessionpublic void removeAttribute(String name)
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueUnbound() on the object.
removeAttribute in interface HttpSessionname - Name of the object to remove from this session.IllegalStateException - if this method is called on an
  invalidated sessionpublic void removeAttribute(String name, boolean notify)
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueUnbound() on the object.
name - Name of the object to remove from this session.notify - Should we notify interested listeners that this
  attribute is being removed?IllegalStateException - if this method is called on an
  invalidated session@Deprecated public void removeValue(String name)
removeAttribute()
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueUnbound() on the object.
removeValue in interface HttpSessionname - Name of the object to remove from this session.IllegalStateException - if this method is called on an
  invalidated sessionpublic void setAttribute(String name, Object value)
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueBound() on the object.
setAttribute in interface HttpSessionname - Name to which the object is bound, cannot be nullvalue - Object to be bound, cannot be nullIllegalArgumentException - if an attempt is made to add a
  non-serializable object in an environment marked distributable.IllegalStateException - if this method is called on an
  invalidated sessionpublic void setAttribute(String name, Object value, boolean notify)
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueBound() on the object.
name - Name to which the object is bound, cannot be nullvalue - Object to be bound, cannot be nullnotify - whether to notify session listenersIllegalArgumentException - if an attempt is made to add a
  non-serializable object in an environment marked distributable.IllegalStateException - if this method is called on an
  invalidated sessionprotected boolean isValidInternal()
isValid flag for this session without any expiration
 check.public boolean isAttributeDistributable(String name, Object value)
IllegalArgumentException thrown if the proposed attribute is
 not distributable.
 
 Note that the Manager implementation may further restrict which
 attributes are distributed but a Manager level restriction should
 not trigger an IllegalArgumentException in
 HttpSession.setAttribute(String, Object)
 
This implementation simply checks the value for serializability. Sub-classes might use other distribution technology not based on serialization and can override this check.
isAttributeDistributable in interface Sessionname - The attribute namevalue - The attribute valuetrue if distribution is supported, otherwise falseprotected void readObject(ObjectInputStream stream) throws ClassNotFoundException, IOException
IMPLEMENTATION NOTE: The reference to the owning Manager is not restored by this method, and must be set explicitly.
stream - The input stream to read fromClassNotFoundException - if an unknown class is specifiedIOException - if an input/output error occursprotected void writeObject(ObjectOutputStream stream) throws IOException
 IMPLEMENTATION NOTE:  The owning Manager will not be stored
 in the serialized representation of this Session.  After calling
 readObject(), you must set the associated Manager
 explicitly.
 
 IMPLEMENTATION NOTE:  Any attribute that is not Serializable
 will be unbound from the session, with appropriate actions if it
 implements HttpSessionBindingListener.  If you do not want any such
 attributes, be sure the distributable property of the
 associated Manager is set to true.
stream - The output stream to write toIOException - if an input/output error occurs@Deprecated protected boolean exclude(String name)
exclude(String, Object). Will be removed in
             Tomcat 9.0.x.name - the attribute's nameprotected boolean exclude(String name, Object value)
isAttributeDistributable(String, Object) which is kept
       separate to support the checks required in
       setAttribute(String, Object, boolean)name - The attribute namevalue - The attribute valuetrue if the attribute should be excluded from
         distribution, otherwise false@Deprecated protected void fireContainerEvent(Context context, String type, Object data) throws Exception
org.apache.catalina.core.StandardContext.context - Context for which to fire eventstype - Event typedata - Event dataException - occurred during event firingpublic void fireSessionEvent(String type, Object data)
type - Event typedata - Event dataprotected String[] keys()
protected void removeAttributeInternal(String name, boolean notify)
 After this method executes, and if the object implements
 HttpSessionBindingListener, the container calls
 valueUnbound() on the object.
name - Name of the object to remove from this session.notify - Should we notify interested listeners that this
  attribute is being removed?Copyright © 2000-2020 Apache Software Foundation. All Rights Reserved.