1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
287
288
289
290
291
292
293
294
295
296
297
298
299
300
301
302
303
304
305
306
307
308
309
310
311
312
313
314
315
316
317
318
319
320
321
322
323
324
325
326
327
328
329
330
331
332
333
334
335
336
337
338
339
340
341
342
343
344
345
346
347
348
349
350
351
352
353
354
355
356
357
358
359
360
361
362
363
364
365
366
|
/*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership.
* The ASF licenses this file to You under the Apache License, Version 2.0
* (the "License"); you may not use this file except in compliance with
* the License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS,
* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
* See the License for the specific language governing permissions and
* limitations under the License.
*/
package org.apache.catalina;
import java.security.Principal;
import java.util.Iterator;
import jakarta.servlet.http.HttpSession;
/**
* A <b>Session</b> is the Catalina-internal facade for an <code>HttpSession</code> that is used to maintain state
* information between requests for a particular user of a web application.
*
* @author Craig R. McClanahan
*/
public interface Session {
// ----------------------------------------------------- Manifest Constants
/**
* The SessionEvent event type when a session is created.
*/
String SESSION_CREATED_EVENT = "createSession";
/**
* The SessionEvent event type when a session is destroyed.
*/
String SESSION_DESTROYED_EVENT = "destroySession";
/**
* The SessionEvent event type when a session is activated.
*/
String SESSION_ACTIVATED_EVENT = "activateSession";
/**
* The SessionEvent event type when a session is passivated.
*/
String SESSION_PASSIVATED_EVENT = "passivateSession";
// ------------------------------------------------------------- Properties
/**
* @return the authentication type used to authenticate our cached Principal, if any.
*/
String getAuthType();
/**
* Set the authentication type used to authenticate our cached Principal, if any.
*
* @param authType The new cached authentication type
*/
void setAuthType(String authType);
/**
* @return the creation time for this session.
*/
long getCreationTime();
/**
* @return the creation time for this session, bypassing the session validity checks.
*/
long getCreationTimeInternal();
/**
* Set the creation time for this session. This method is called by the Manager when an existing Session instance is
* reused.
*
* @param time The new creation time
*/
void setCreationTime(long time);
/**
* @return the session identifier for this session.
*/
String getId();
/**
* @return the session identifier for this session.
*/
String getIdInternal();
/**
* Set the session identifier for this session and notifies any associated listeners that a new session has been
* created.
*
* @param id The new session identifier
*/
void setId(String id);
/**
* Set the session identifier for this session and optionally notifies any associated listeners that a new session
* has been created.
*
* @param id The new session identifier
* @param notify Should any associated listeners be notified that a new session has been created?
*/
void setId(String id, boolean notify);
/**
* @return the last time the client sent a request associated with this session, as the number of milliseconds since
* midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a
* value associated with the session, do not affect the access time. This one gets updated whenever a
* request starts.
*/
long getThisAccessedTime();
/**
* @return the last client access time without invalidation check
*
* @see #getThisAccessedTime()
*/
long getThisAccessedTimeInternal();
/**
* @return the last time the client sent a request associated with this session, as the number of milliseconds since
* midnight, January 1, 1970 GMT. Actions that your application takes, such as getting or setting a
* value associated with the session, do not affect the access time. This one gets updated whenever a
* request finishes.
*/
long getLastAccessedTime();
/**
* @return the last client access time without invalidation check
*
* @see #getLastAccessedTime()
*/
long getLastAccessedTimeInternal();
/**
* @return the idle time (in milliseconds) from last client access time.
*/
long getIdleTime();
/**
* @return the idle time from last client access time without invalidation check
*
* @see #getIdleTime()
*/
long getIdleTimeInternal();
/**
* @return the Manager within which this Session is valid.
*/
Manager getManager();
/**
* Set the Manager within which this Session is valid.
*
* @param manager The new Manager
*/
void setManager(Manager manager);
/**
* @return the maximum time interval, in seconds, between client requests before the servlet container will
* invalidate the session. A negative time indicates that the session should never time out.
*/
int getMaxInactiveInterval();
/**
* Set the maximum time interval, in seconds, between client requests before the servlet container will invalidate
* the session. A negative time indicates that the session should never time out.
*
* @param interval The new maximum interval
*/
void setMaxInactiveInterval(int interval);
/**
* Returns whether the session was created during the current request.
*
* @return {@code true} if the session was created during the current request.
*/
boolean isNew();
/**
* Set the <code>isNew</code> flag for this session.
*
* @param isNew The new value for the <code>isNew</code> flag
*/
void setNew(boolean isNew);
/**
* @return the authenticated Principal that is associated with this Session. This provides an
* <code>Authenticator</code> with a means to cache a previously authenticated Principal, and avoid
* potentially expensive <code>Realm.authenticate()</code> calls on every request. If there is no
* current associated Principal, return <code>null</code>.
*/
Principal getPrincipal();
/**
* Set the authenticated Principal that is associated with this Session. This provides an <code>Authenticator</code>
* with a means to cache a previously authenticated Principal, and avoid potentially expensive
* <code>Realm.authenticate()</code> calls on every request.
*
* @param principal The new Principal, or <code>null</code> if none
*/
void setPrincipal(Principal principal);
/**
* @return the <code>HttpSession</code> for which this object is the facade.
*/
HttpSession getSession();
/**
* Set the <code>isValid</code> flag for this session.
*
* @param isValid The new value for the <code>isValid</code> flag
*/
void setValid(boolean isValid);
/**
* @return <code>true</code> if the session is still valid
*/
boolean isValid();
// --------------------------------------------------------- Public Methods
/**
* Update the accessed time information for this session. This method should be called by the context when a request
* comes in for a particular session, even if the application does not reference it.
*/
void access();
/**
* Add a session event listener to this component.
*
* @param listener the SessionListener instance that should be notified for session events
*/
void addSessionListener(SessionListener listener);
/**
* End access to the session.
*/
void endAccess();
/**
* Perform the internal processing required to invalidate this session, without triggering an exception if the
* session has already expired.
*/
void expire();
/**
* @return the object bound with the specified name to the internal notes for this session, or <code>null</code> if
* no such binding exists.
*
* @param name Name of the note to be returned
*/
Object getNote(String name);
/**
* @return an Iterator containing the String names of all notes bindings that exist for this session.
*/
Iterator<String> getNoteNames();
/**
* Release all object references, and initialize instance variables, in preparation for reuse of this object.
*/
void recycle();
/**
* Remove any object bound to the specified name in the internal notes for this session.
*
* @param name Name of the note to be removed
*/
void removeNote(String name);
/**
* Remove a session event listener from this component.
*
* @param listener remove the session listener, which will no longer be notified
*/
void removeSessionListener(SessionListener listener);
/**
* Bind an object to a specified name in the internal notes associated with this session, replacing any existing
* binding for this name.
*
* @param name Name to which the object should be bound
* @param value Object to be bound to the specified name
*/
void setNote(String name, Object value);
/**
* Inform the listeners about the change session ID.
*
* @param newId new session ID
* @param oldId old session ID
* @param notifySessionListeners Should any associated sessionListeners be notified that session ID has been
* changed?
* @param notifyContainerListeners Should any associated ContainerListeners be notified that session ID has been
* changed?
*/
void tellChangedSessionId(String newId, String oldId, boolean notifySessionListeners,
boolean notifyContainerListeners);
/**
* Does the session implementation support the distributing of the given attribute? If the Manager is marked as
* distributable, then this method must be used to check attributes before adding them to a session and an
* {@link IllegalArgumentException} thrown if the proposed attribute is not distributable.
* <p>
* Note that the {@link Manager} implementation may further restrict which attributes are distributed but a
* {@link Manager} level restriction should not trigger an {@link IllegalArgumentException} in
* {@link HttpSession#setAttribute(String, Object)}
*
* @param name The attribute name
* @param value The attribute value
*
* @return {@code true} if distribution is supported, otherwise {@code
* false}
*/
boolean isAttributeDistributable(String name, Object value);
}
|
