JBossWeb/Tomcat HTTP Session Implementation Details: Difference between revisions

From NovaOrdis Knowledge Base
Jump to navigation Jump to search
Line 6: Line 6:
* JBoss AS 5.1.2
* JBoss AS 5.1.2


=Implementation Details=
=Lifecycle=
 
==Lifecycle==


* Each <tt>Request</tt> maintains a direct reference to the active <tt>Session</tt> instance for that request; it can be <tt>null</tt>.
* Each <tt>Request</tt> maintains a direct reference to the active <tt>Session</tt> instance for that request; it can be <tt>null</tt>.
* The repository of sessions for a specific application (context) is the {{StandardManager}} referred to from the {{StandardContext}} via the {{manager}} reference.
* The repository of sessions for a specific application (context) is the <tt>StandardManager</tt>} referred to from the <tt>StandardContext</tt> via the <tt>manager</tt> reference.
* Sessions are not created automatically by the Tomcat machinery, unless we invoke {{HttpServletRequest.getSession()}} (which is equivalent with {{HttpServletRequest.getSession(true)}}) or {{org.apache.catalina.connector.Request.getSessionInternal()}}.
* Sessions are not created automatically by the Tomcat machinery, unless we invoke <tt>HttpServletRequest.getSession()</tt> (which is equivalent with <tt>HttpServletRequest.getSession(true)</tt>) or <tt>org.apache.catalina.connector.Request.getSessionInternal()</tt>.
* When {{HttpServletRequest.getSession()}} is invoked, the following happen:
* When <tt>HttpServletRequest.getSession()</tt> is invoked, the following happen:
** The {{Manager}} instance is obtained from the {{StandardContext}} associated with the request.
** The <tt>Manager<tt> instance is obtained from the <tt>StandardContext</tt> associated with the request.
** {{Manager.findSession(sessionId)}} is messaged on the {{Manager}} instance.
** <tt>Manager.findSession(sessionId)</tt> is messaged on the <tt>Manager</tt> instance.
** The {{Session}} is looked up in the {{sessions}} map by its session ID. If found, it is returned.  
** The <tt>Session</tt> is looked up in the <tt>sessions</tt> map by its session ID. If found, it is returned.  
** If no session is found, and {{org.apache.catalina.connector.Request.SESSION_ID_CHECK}} is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
** If no session is found, and <tt>org.apache.catalina.connector.Request.SESSION_ID_CHECK</tt> is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
** If no session is found, the {{Manager}} instance is messaged to {{createSession(sessionId)}}.
** If no session is found, the <tt>Manager</tt> instance is messaged to <tt>createSession(sessionId)</tt>.
** Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is {{TomcatCookie}}.
** Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is <tt>TomcatCookie</tt>.


!!SessionID Generation
=SessionID Generation=


SessionID is generated by {{ManagerBase.generateSessionId()}}.
SessionID is generated by <tt>ManagerBase.generateSessionId()</tt>.


!!Sesssion Counter
=Session Counter=


Maintained by the {{sessionCounter}} variable of the {{StandardManager}} instance of the web application.
Maintained by the <tt>sessionCounter</tt> variable of the <tt>StandardManager</tt> instance of the web application.

Revision as of 23:06, 31 May 2016

Internal

Relevance

  • JBoss AS 5.1.2

Lifecycle

  • Each Request maintains a direct reference to the active Session instance for that request; it can be null.
  • The repository of sessions for a specific application (context) is the StandardManager} referred to from the StandardContext via the manager reference.
  • Sessions are not created automatically by the Tomcat machinery, unless we invoke HttpServletRequest.getSession() (which is equivalent with HttpServletRequest.getSession(true)) or org.apache.catalina.connector.Request.getSessionInternal().
  • When HttpServletRequest.getSession() is invoked, the following happen:
    • The Manager instance is obtained from the StandardContext associated with the request.
    • Manager.findSession(sessionId) is messaged on the Manager instance.
    • The Session is looked up in the sessions map by its session ID. If found, it is returned.
    • If no session is found, and org.apache.catalina.connector.Request.SESSION_ID_CHECK is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
    • If no session is found, the Manager instance is messaged to createSession(sessionId).
    • Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is TomcatCookie.

SessionID Generation

SessionID is generated by ManagerBase.generateSessionId().

Session Counter

Maintained by the sessionCounter variable of the StandardManager instance of the web application.

Retrieved from "https://kb.novaordis.com/index.php?title=JBossWeb/Tomcat_HTTP_Session_Implementation_Details&oldid=9534"