JBossWeb/Tomcat HTTP Session Implementation Details
Jump to navigation
Jump to search
Internal
Relevance
- EAP 6.4.6
- JBoss AS 5.1.2
Lifecycle
- Each org.apache.catalina.connector.Request maintains a direct reference to the active Session instance the request belongs to. The reference can be null.
- The repository of sessions for a specific application (context) is the StandardManager} referred to from the StandardContext via the manager reference.
- Sessions are not created automatically by the Tomcat machinery, unless we invoke HttpServletRequest.getSession() (which is equivalent with HttpServletRequest.getSession(true)) or org.apache.catalina.connector.Request.getSessionInternal().
- When HttpServletRequest.getSession() is invoked, the following happen:
- The Manager instance is obtained from the StandardContext associated with the request.
- Manager.findSession(sessionId) is messaged on the Manager instance.
- The Session is looked up in the sessions map by its session ID. If found, it is returned.
- If no session is found, and org.apache.catalina.connector.Request.SESSION_ID_CHECK is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
- If no session is found, the Manager instance is messaged to createSession(sessionId).
- Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is TomcatCookie.
SessionID Generation
SessionID is generated by ManagerBase.generateSessionId().
Session Counter
Maintained by the sessionCounter variable of the StandardManager instance of the web application.