JBossWeb/Tomcat HTTP Session Implementation Details: Difference between revisions
Jump to navigation
Jump to search
| Line 10: | Line 10: | ||
* Each <tt>org.apache.catalina.connector.Request</tt> maintains a direct reference to the active <tt>Session</tt> instance the request belongs to. The reference can be <tt>null</tt>. | * Each <tt>org.apache.catalina.connector.Request</tt> maintains a direct reference to the active <tt>Session</tt> instance the request belongs to. The reference can be <tt>null</tt>. | ||
* The repository of sessions for a specific application (context) is | * The repository of sessions for a specific application (context) is an instance of <tt>org.apache.catalina.Manager</tt>. The manager is referred to from the <tt>StandardContext</tt> via the <tt>manager</tt> reference. | ||
** If the application is not clustered, the <tt>Manager</tt> implementation is an <tt>org.apache.catalina.session.StandardManager</tt>. | |||
** If the application is clustered, the <tt>Manager</tt> implementation is an <tt>org.jboss.as.web.session.DistributableSessionManager</tt>. | |||
* Sessions are not created automatically by the Tomcat machinery, unless we invoke <tt>HttpServletRequest.getSession()</tt> (which is equivalent with <tt>HttpServletRequest.getSession(true)</tt>) or <tt>org.apache.catalina.connector.Request.getSessionInternal()</tt>. | * Sessions are not created automatically by the Tomcat machinery, unless we invoke <tt>HttpServletRequest.getSession()</tt> (which is equivalent with <tt>HttpServletRequest.getSession(true)</tt>) or <tt>org.apache.catalina.connector.Request.getSessionInternal()</tt>. | ||
* When <tt>HttpServletRequest.getSession()</tt> is invoked, the following happen: | * When <tt>HttpServletRequest.getSession()</tt> is invoked, the following happen: | ||
Revision as of 19:11, 15 July 2016
Internal
Relevance
- EAP 6.4.6
- JBoss AS 5.1.2
Lifecycle
- Each org.apache.catalina.connector.Request maintains a direct reference to the active Session instance the request belongs to. The reference can be null.
- The repository of sessions for a specific application (context) is an instance of org.apache.catalina.Manager. The manager is referred to from the StandardContext via the manager reference.
- If the application is not clustered, the Manager implementation is an org.apache.catalina.session.StandardManager.
- If the application is clustered, the Manager implementation is an org.jboss.as.web.session.DistributableSessionManager.
- Sessions are not created automatically by the Tomcat machinery, unless we invoke HttpServletRequest.getSession() (which is equivalent with HttpServletRequest.getSession(true)) or org.apache.catalina.connector.Request.getSessionInternal().
- When HttpServletRequest.getSession() is invoked, the following happen:
- The Manager instance is obtained from the StandardContext associated with the request.
- Manager.findSession(sessionId) is messaged on the Manager instance.
- The Session is looked up in the sessions map by its session ID. If found, it is returned.
- If no session is found, and org.apache.catalina.connector.Request.SESSION_ID_CHECK is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
- If no session is found, the Manager instance is messaged to createSession(sessionId).
- Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is TomcatCookie.
SessionID Generation
SessionID is generated by ManagerBase.generateSessionId().
Session Counter
Maintained by the sessionCounter variable of the StandardManager instance of the web application.