Session management is a mechanism to maintain state about a series of requests from the same user across some period of time. That is, the term "session" refers to the time that a user is at a particular web site. The problem is, that HTTP has no mechanism to maintain state. Individual requests aren't related to each other. The Web server can't easily distinguish between single users and doesn't know about user sessions. Session management refers to the way that associate data with a user during a visit to a Web page. For example, a typical online shopping program’s session might include logging in, putting an item into the shopping cart, going to the checkout page, entering address and credit card data, submitting the order, and closing the browser window. DQM includes native session management functions to ease the task of managing user sessions.
The session object is implemented by services to provide an association between an HTTP client and HTTP server. This association, or session, persists over multiple connections and/or requests during a given time period. Sessions are used to maintain state and user identity across multiple page requests. A session can be maintained either by using cookies or by URL rewriting.
|
Notice: Because the session will occupy resources, so if not need to use it you can close session function. The session can’t be used when closed it. Open or closed session directives please see section 3.2. |
1. public void setAttribute(String name, Object value)
Binds the specified object into the session's application layer data with the given name. Any existing binding with the same name is replaced. If
Parameters: name - the name to which the data object will be bound.
value - the data object to be bound, if it’s null then equal to “removeAttribute(name)” method.
Throws: If value of parameter “name” is null then throws IllegalArgumentException.
2. public Object getAttribute(String name)
Returns the object bound to the given name in the session's application layer data. Returns null if there is no such binding.
Parameters: name - the name of the binding to find.
Returns: the value bound to that name, or null if the binding does not exist.
3. public void removeAttribute(String name)
Removes the object bound to the given name in the session's application layer data. Does nothing if there is no object bound to the given name.
Parameters: name - the name of the object to remove
For example: a dqm file “sessionName.dqm”, it’s source code:
|
1 2 3 4 5 6 7 8 9 10 11 12 13
14 15 16 17 18 19 20 21 22 23 24 25 |
<html>
<head> <meta http-equiv="Content-Language" content="zh-cn"> <meta http-equiv="Content-Type" content="text/html; charset=gb2312"> <title>The names of visitor</title> </head>
<body>
<form method="POST" action="addSessionName.dqm"> <p>Visitor's name: <input type="text" name="sessionName" size="20"></p> <p><input type="submit" value="Submit" name="B1"><input type="reset" value="Reset" name="B2"> <a href="delSessionName.dqm">Delete name</a></p> </form> <%String name = (String)session.getAttribute("name"); if (name == null) { name = "Guest"; } %> <p>Welcome: <%=name%></p>
</body>
</html> |
At above source code line 16, it will read name of visitor from current session. If has not read to the visitor’s name then set name to “Guest” (source code line 17 to 19). Last we display visitor’s name (soure code line 21).
The dqm file “addSessionName.dqm” can add a name into current session, it’s source code:
|
1 2 3 4 5 6 7 8 9 10 |
<% String name = request.getParameter("sessionName"); if (name != null) { session.setAttribute("name", name); out.print("Add the names of visitor ok!"); } else { out.print("Please input names of visitor!"); } %> |
The dqm file “delSessionName.dqm” can delete name from current session (if exist visitor’s name), source code:
|
1 2 3 4 5 |
<% session.removeAttribute("name"); %>
Visitor's name has been deleted! |
First execute “sessionName.dqm”, you will see “Welcome: Guest” (picture 8-2-1), because this time no name in the session.
Picture 8-2-1
Next we input “dunne” into “Visitor’s name” field and submit it, after execute “sessionName.dqm” again then you can see “Welcome: dunne” (if not see it please refresh). If at this time using another computer to visit “sessionName.dqm” then will still see that "You are Welcome: Guest". Because different customer with different session.
If click link of “Delete name” in “sessionName.dqm”, then visit “sessionName.dqm” again, you will see name has been deleted, it will be like the first show that "Welcome: Guest".
The session object itself also has many information, for instance the session survival time, sessionID…
1. public long getCreationTime()
Returns the time at which this session representation was created, in milliseconds since midnight, January 1, 1970 UTC.
Returns: the time when the session was created
2. public long getLastAccessedTime()
Returns the last time the client sent a request carrying the identifier assigned to the session. Time is expressed as milliseconds since midnight, January 1, 1970 UTC. Application level operations, such as getting or setting a value associated with the session, does not affect the access time.
Returns: the last time the client sent a request carrying the identifier assigned to the session
3. public void setMaxInactiveInterval(int interval)
Sets the maximum interval between requests that this session will be kept by the host server.
Parameters: the length of max inactive interval in seconds
4. public int getMaxInactiveInterval()
Returns: Current session’s maximum inactive interval in seconds
5. public boolean isNew()
A session is considered to be "new" if it has been created by the server, but the client has not yet acknowledged joining the session.
Returns: true if the session has been created by the server but the client has not yet acknowledged joining the session; false otherwise
6. public String getId()
Returns the identifier assigned to this session. An HttpSession's identifier is a unique string that is created and maintained by DQM Context.
Returns: the identifier assigned to this session
Example, the dqm file “sessionInfo.dqm” using these methods, it’s source code:
|
1 2 3
4 5
6 7 8 |
<pre> Current session creation time: <%=new java.util.Date(session.getCreationTime())%> Current session LastAccessedTime: <%=new java.util.Date(session.getLastAccessedTime())%> Current session maximum interval: <%=session.getMaxInactiveInterval()%> second(s) Set current session maximum interval to 5 minutes<%session.setMaxInactiveInterval(60 * 5);%> Is a new session: <%=session.isNew()%> Current session identifier: <%=session.getId()%> </pre> |
When first time visits this dqm file the result is approximately as follows:
|
1 2 3 4 5 6 |
Current session creation time: Fri Oct 19 13:46:17 GMT+08:00 2007 Current session LastAccessedTime: Fri Oct 19 13:46:17 GMT+08:00 2007 Current session maximum interval: 1200 second(s) Set current session maximum interval to 5 minutes Is a new session: true Current session identifier: 83d89e2e-8d04-455a-b36f-e77358a9bc00 |
From the above results can be seen that a new session created when first visit (result line 5). The maximum interval of session is 1200 seconds (this value was set by default, result line 3). Session creation time is equal to last accessed time, because it’s a new session (result line 1 and 2).
When visit it again, the result:
|
1 2 3 4 5 6 |
Current session creation time: Fri Oct 19 13:46:17 GMT+08:00 2007 Current session LastAccessedTime: Fri Oct 19 13:51:09 GMT+08:00 2007 Current session maximum interval: 300 second(s) Set current session maximum interval to 5 minutes Is a new session: false Current session identifier: 83d89e2e-8d04-455a-b36f-e77358a9bc00 |
You can see this time session was not new created (second result line 5), and maximum interval of session become 300 seconds (refer to source code 5). The same reasoning that session creation time is not equal to last accessed time (second result line 1 and 2).
We known the session will be expired, but system will not release the memory of expired session immediately, so system will release memory of expired session periodically (please refer to section 2.1). Of course, you can set max inactive interval to negative value, so session will expire immediate but this does not mean that system will release memory of expired session immediately. Ok if you use the method of this section then can release memory of expired session immediately.
1. public void invalidate()
Causes this representation of the session to be invalidated and removed from its context
For example, the dqm file “removeSession1.dqm” can add a name into current session. Source code:
|
<%session.setAttribute("name", "Shemin Dunne");%> Add session ok. |
The dqm file “removeSession2.dqm” can get name from current session, source code:
|
Name: <%=session.getAttribute("name")%> |
The dqm file “removeSession3.dqm” used “invalidate” method to clear session, source code:
|
<%session.invalidate();%> Clear session use "invalidate" method. |
The dqm file “removeSession4.dqm” used “setMaxInactiveInterval” method to clear session, source code:
|
<%session.setMaxInactiveInterval(-1);%> Clear session use "setMaxInactiveInterval" method. |
First we visit “removeSession1.dqm”, next visit “removeSession2.dqm” then you can see name’s value is “Shemin Dunne”. Next if we visit “removeSession3.dqm” or “removeSession4.dqm” then you will find that two dqm file all can clear session, but there is still a difference, use “invalidate” can clear current session and release it’s memory immediately, use “setMaxInactiveInterval” can clear current session too but system will not release it’s memory immediately.