JBossWeb/Tomcat HTTP Session Implementation Details

From NovaOrdis Knowledge Base
Jump to navigation Jump to search

Internal

Relevance

  • JBoss AS 5.1.2

Lifecycle

  • Each Request maintains a direct reference to the active Session instance for that request; it can be null.
  • The repository of sessions for a specific application (context) is the StandardManager} referred to from the StandardContext via the manager reference.
  • Sessions are not created automatically by the Tomcat machinery, unless we invoke HttpServletRequest.getSession() (which is equivalent with HttpServletRequest.getSession(true)) or org.apache.catalina.connector.Request.getSessionInternal().
  • When HttpServletRequest.getSession() is invoked, the following happen:
    • The Manager instance is obtained from the StandardContext associated with the request.
    • Manager.findSession(sessionId) is messaged on the Manager instance.
    • The Session is looked up in the sessions map by its session ID. If found, it is returned.
    • If no session is found, and org.apache.catalina.connector.Request.SESSION_ID_CHECK is true, the request tries to find the session with the ID equals to requestedSessionId among the Host's children.
    • If no session is found, the Manager instance is messaged to createSession(sessionId).
    • Once the session is created by the manager (and its id generated), the request then sets a "session" cookie on Response "Set-Cookie" "JSESSIONID=FFB6...56; Path=/mycontext". The internal implementation of the cookie is TomcatCookie.

SessionID Generation

SessionID is generated by ManagerBase.generateSessionId().

Session Counter

Maintained by the sessionCounter variable of the StandardManager instance of the web application.

Retrieved from "https://kb.novaordis.com/index.php?title=JBossWeb/Tomcat_HTTP_Session_Implementation_Details&oldid=9534"