Package org.apache.shiro.session.mgt.eis

Interface SessionDAO

    • Method Summary

      All Methods Instance Methods Abstract Methods 
      Modifier and Type Method Description
      Serializable create​(Session session)
      Inserts a new Session record into the underling EIS (e.g.
      void delete​(Session session)
      Deletes the associated EIS record of the specified session.
      Collection<Session> getActiveSessions()
      Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired.
      Session readSession​(Serializable sessionId)
      Retrieves the session from the EIS uniquely identified by the specified sessionId.
      void update​(Session session)
      Updates (persists) data from a previously created Session instance in the EIS identified by {@link Session#getId() session.getId()}.

    • Method Detail

      • create

        Serializable create​(Session session)
        Inserts a new Session record into the underling EIS (e.g. Relational database, file system, persistent cache, etc, depending on the DAO implementation).

        After this method is invoked, the Session.getId() method executed on the argument must return a valid session identifier. That is, the following should always be true: 

         Serializable id = create( session );
 id.equals( session.getId() ) == true

        Implementations are free to throw any exceptions that might occur due to integrity violation constraints or other EIS related errors.

        Parameters:
        session - the Session object to create in the EIS.
        Returns:
        the EIS id (e.g. primary key) of the created Session object.

      • readSession

        Session readSession​(Serializable sessionId)
             throws UnknownSessionException
        Retrieves the session from the EIS uniquely identified by the specified sessionId.
        Parameters:
        sessionId - the system-wide unique identifier of the Session object to retrieve from the EIS.
        Returns:
        the persisted session in the EIS identified by sessionId.
        Throws:
        UnknownSessionException - if there is no EIS record for any session with the specified sessionId

      • update

        void update​(Session session)
     throws UnknownSessionException
        Updates (persists) data from a previously created Session instance in the EIS identified by {@link Session#getId() session.getId()}. This effectively propagates the data in the argument to the EIS record previously saved.

        In addition to UnknownSessionException, implementations are free to throw any other exceptions that might occur due to integrity violation constraints or other EIS related errors.

        Parameters:
        session - the Session to update
        Throws:
        UnknownSessionException - if no existing EIS session record exists with the identifier of session.getSessionId()

      • delete

        void delete​(Session session)
        Deletes the associated EIS record of the specified session. If there never existed a session EIS record with the identifier of session.getId(), then this method does nothing.
        Parameters:
        session - the session to delete.

      • getActiveSessions

        Collection<Session> getActiveSessions()
        Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired. This is primarily used to validate potential orphans.

        If there are no active sessions in the EIS, this method may return an empty collection or null.

        Performance

        This method should be as efficient as possible, especially in larger systems where there might be thousands of active sessions. Large scale/high performance implementations will often return a subset of the total active sessions and perform validation a little more frequently, rather than return a massive set and validate infrequently. If efficient and possible, it would make sense to return the oldest unstopped sessions available, ordered by lastAccessTime.

        Smart Results

        Ideally this method would only return active sessions that the EIS was certain should be invalided. Typically that is any session that is not stopped and where its lastAccessTimestamp is older than the session timeout.

        For example, if sessions were backed by a relational database or SQL-92 'query-able' enterprise cache, you might return something similar to the results returned by this query (assuming SimpleSessions were being stored): 

         select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null
        where the ? parameter is a date instance equal to 'now' minus the session timeout (e.g. now - 30 minutes).
        Returns:
        a Collection of Sessions that are considered active, or an empty collection or null if there are no active sessions.