com.ibm.websphere.servlet.session
Interface IBMSession

All Superinterfaces:
java.io.Externalizable, javax.servlet.http.HttpSession, java.io.Serializable
public interface IBMSession
extends javax.servlet.http.HttpSession, java.io.Externalizable

The IBMSession interface extends the javax.servlet.http.HttpSession interface of the Servlet API to

  • determine if sessions maximum limit has reached when overflow is turned off
  • get at user identity associated with session.
  • allow customer control writes of session changes to external place.

    WebSphere implementation of http session object implements this interface.

    With regards to overflow, when overflow is turned off in non persistent sessions mode, invalid session object is returned which can be used to determine if number of sessions in memory exceeded the value specified by Max In Memory Session Count property. Example code: IBMSession sess = (IBMSession) request.getSession(); if(sess.isOverFlow()) throw new ServletException("Maximum number of sessions reached on the server");

    With regards to security, when security integration is turned on in SessionManager, WebSphere Application Server maintains the notion of an authenticated or unauthenticated owner of a session. If a session is owned by an unauthenticated user (which we internally denote via the user name of "anonymous"), then a servlet operating under the credentials of any user can access the session, provided if request has session identifier(from either cookie or rewritten url). However, if the session is marked as being owned by an authenticated user (where the user name is provided by the WebSphere Security API's and management), then a servlet must be operating under the credentials of the same user in order for WebSphere to return the requested session to the servlet. A session gets denoted one time with the first authenticated user name seen by the Application Server while processing the session. This can either happen if the user has already been authenticated on the Http Request which leads to the creation of the session, or it can happen on the first authenticated user name seen after an "anonymous" session is created. Example code: IBMSession sess = (IBMSession) request.getSession(); String userName = sess.getUserName();

    With regard to sync in persistent sessions mode(both database and memory-to-memory), application can control when to persist the httpsession updates to external store by calling sync method on this extension. Starting from WebSphere version 5.0, this can be called independent of write frequency selected in SessionManager. Example code: IBMSession sess = (IBMSession) request.getSession(); sess.sync();

    See Also:
    UnauthorizedSessionRequestException, HttpSession

    Method Summary
     java.lang.String getUserName()
              To get at user identity associated with session.
     boolean isOverflow()
              to determine if number of sessions in memory exceeded the value specified by Max In Memory Session Count property on SessionManager.
     void sync()
              To persist the session updates to external store.
     
    Methods inherited from interface javax.servlet.http.HttpSession
    getAttribute, getAttributeNames, getCreationTime, getId, getLastAccessedTime, getMaxInactiveInterval, getServletContext, getSessionContext, getValue, getValueNames, invalidate, isNew, putValue, removeAttribute, removeValue, setAttribute, setMaxInactiveInterval
     
    Methods inherited from interface java.io.Externalizable
    readExternal, writeExternal
     

    Method Detail

    getUserName

    public java.lang.String getUserName()
    To get at user identity associated with session. When security integration is turned off on SessionManager, then this method will always return "anonymous". When security integration is turned on and if a session is accessed in a authenticated page, then this method returns authenticated user name as set by security context.

    sync

    public void sync()
    To persist the session updates to external store. This is applicable only in persistent sessions mode.

    isOverflow

    public boolean isOverflow()
    to determine if number of sessions in memory exceeded the value specified by Max In Memory Session Count property on SessionManager. This applicable only in non-persistent sessions mode. In persistent sessions mode this method always returns false.

     

    WebSphere is a trademark of the IBM Corporation in the United States, other countries, or both.

     

    IBM is a trademark of the IBM Corporation in the United States, other countries, or both.