HTTP protocol is stateless. To make it state-full, server creates a HttpSessoin for each session. Container recogniges each client by sessionid. Session-ID can be found in jsessionid in HTTPResponse. Server replies with session-id, when the client sends the request first time. Sesson-id is put in the Cookie. For the sub sequent request/response, cookie is being exchanged.
Sending a session cookie in the RESPONSE
HttpSession session=request.getSession();
Getting the session ID from the REQUEST
HttpSession session=request.getSession();
Session also can be created, with HTTP session related listener's event.
Interfaces are
Interfaces are
- HttpSessionListener -- Lifecycle
- HttpSessionAttributeListener -- Changes to attributes
- HttpSessionActivationListener -- Session migration
- HttpSessionBindingListener -- Object binding
- HttpSessionIdListener -- Changes to id
Checking a session is created or already exists
session.isNew()
How to get pre-existing session
HttpSession session=request.getSession(false); //Passing false means it returns pre-existed session or null
if (session == null)
{
session= request.getSession(); // create a new session
}
getSession() and getSession(true) is same. It creates a new session if session does not exist.
Key HttpSession Method
getCreationTime - Returns the time the session was first created
getLastAccessedTime - Returns the last time time the container got a request with this session ID (in milliseconds)
setMaxInactiveInterval - Specifies the maximum time in seconds that is allowed between clients requests
getMaxInactiveInterval - Returns the maximum time in seconds that is allowed between clients requests
invalidate - Ends the session
getLastAccessedTime - Returns the last time time the container got a request with this session ID (in milliseconds)
setMaxInactiveInterval - Specifies the maximum time in seconds that is allowed between clients requests
getMaxInactiveInterval - Returns the maximum time in seconds that is allowed between clients requests
invalidate - Ends the session
Setting session timeout
3 ways a session can die
- It time out
- You call invalidate() on the session object
- The application goes down.
Configuring session time out
setting session timeout in DD in minutes
<session-config> <session-timeout>15</session-timeout> </session-config>
setting timeout for a specific session in seconds (eg: 20minutes)
If you pass 0 as parameter, session will be invalidate immediately.
session.setMaxInactiveInterval(20*60);If you pass 0 as parameter, session will be invalidate immediately.
No comments:
Post a Comment