Reading – Java™ Servlet Specification Version 2.4 – Session
HTTP itself is a stateless protocol, but there are now many session tracking mechanisms.
1. Cookies
Cookies are the most commonly used session tracking mechanism, and all servlet containers are required to support it. The name of this cookie must be JSESSIONID.
2. SSL Sessions
HTTPS supports session tracking by default.
3. URL Rewriting
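When the client does not support cookies, the server may use URL rewriting to implement session tracking. URL rewriting appends the session ID to the URL to associate a request with a session.
The session ID must be encoded as a parameter in the URL string. The name of this parameter must be jsessionid. Here is an example: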
http://www.myserver.com/catalog/index.html;jsessionid=1234
When the client does not support cookies, the container usually uses URL rewriting.
Session Scope
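HttpSession objects must be scoped at the application (or servlet context) level.
The underlying mechanism, such as the cookie used to establish the session, is the same for different contexts, but the object referenced, including the attributes in that object, must never be shared between contexts by the container.
An example to illustrate this requirement: if a servlet uses the RequestDispatcher to call a servlet in another web application, any sessions created for and visible to the called servlet must be different from those visible to the calling servlet.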
Session Timeouts
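In the HTTP protocol, there is no explicit termination signal to notify the server when a client is no longer active. This means the only method is to use a timeout period.
The default timeout period is defined by the servlet container and can be obtained via the getMaxInactiveInterval method of the HttpSession interface. The timeout can be changed with the setMaxInactiveInterval method of the HttpSession interface. By definition, if the timeout is set to -1, the session will never expire.
Invalidating a session does not take effect immediately; it takes effect only once all servlets using that session have exited the service method. Once session invalidation has begun, a new request must not be able to use that session.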
Last Accessed Times
The getLastAccessedTime method returns the time the session was last accessed.
Session Threading Issues
Take care to synchronize access to the session.
Session Distributed Environments
Within an application marked as distributable, all requests that are part of a session must be handled by one Java Virtual Machine (“JVM”) at a time. The container must be able to handle all objects placed into instances of the HttpSession class using the setAttribute or putValue methods appropriately. The following restrictions are imposed to meet these conditions:
• The container must accept objects that implement the Serializable interface.
• The container may choose to support storage of other designated objects in the HttpSession, such as references to Enterprise JavaBeans components and transactions.
• Migration of sessions will be handled by container-specific facilities.
The distributed servlet container must throw an IllegalArgumentException for objects where the container cannot support the mechanism necessary for migration of the session storing them.
The distributed servlet container must support the mechanism necessary for migrating objects that implement Serializable. Distributed servlet containers that are part of a J2EE implementation must support the mechanism necessary for migrating other J2EE objects.
These restrictions mean that the Developer is ensured that there are no additional concurrency issues beyond those encountered in a non-distributed container.
The Container Provider can ensure scalability and quality of service features like load-balancing and failover by having the ability to move a session object, and its contents, from any active node of the distributed system to a different node of the system.
If distributed containers persist or migrate sessions to provide quality of service features, they are not restricted to using the native JVM Serialization mechanism for serializing HttpSessions and their attributes. Developers are not guaranteed that containers will call readObject and writeObject methods on session attributes if they implement them, but are guaranteed that the Serializable closure of their attributes will be preserved.
Containers must notify any session attributes implementing the HttpSessionActivationListener during migration of a session. They must notify listeners of passivation prior to serialization of a session, and of activation after deserialization of a session.
Application Developers writing distributed applications should be aware that since the container may run in more than one Java virtual machine, the developer cannot depend on static variables for storing an application state. They should store such states using an enterprise bean or a database.
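The timeout, threading and distributed-environment notes above, put together in one added example (not code from the specification or the original post): a Serializable session attribute that guards its own state and rebuilds a transient field on activation, plus a listener that sets a finite timeout. The class names, the "cart" attribute and the 15-minute timeout are assumptions made for illustration.

```java
import java.io.IOException;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.List;
import javax.servlet.http.*;

// Constructed example; every class and attribute name here is hypothetical.
public class SessionExample {

    // Serializable, so a distributable container can migrate it with the session.
    public static class Cart implements Serializable, HttpSessionActivationListener {
        private static final long serialVersionUID = 1L;
        private final List<String> items = new ArrayList<String>();
        private transient long activatedAt; // node-local, not part of migrated state

        // Requests in the same session can run concurrently in one JVM.
        public synchronized void add(String item) { items.add(item); }
        public synchronized int size() { return items.size(); }

        public void sessionWillPassivate(HttpSessionEvent e) { /* flush node-local state */ }
        public void sessionDidActivate(HttpSessionEvent e) {
            activatedAt = System.currentTimeMillis(); // rebuild transient state
        }
    }

    // Register with a <listener> element in web.xml.
    public static class Setup implements HttpSessionListener {
        public void sessionCreated(HttpSessionEvent e) {
            HttpSession s = e.getSession();
            s.setMaxInactiveInterval(15 * 60); // seconds; avoids the never-expiring -1
            s.setAttribute("cart", new Cart()); // installed once, no check-then-set race
        }
        public void sessionDestroyed(HttpSessionEvent e) { }
    }

    public static class CartServlet extends HttpServlet {
        // No static or instance fields: such state would not follow the session to another JVM.
        protected void doPost(HttpServletRequest req, HttpServletResponse resp)
                throws IOException {
            String item = req.getParameter("item");
            Cart cart = (Cart) req.getSession(true).getAttribute("cart");
            if (item != null && cart != null) cart.add(item);
            resp.setContentType("text/plain");
            resp.getWriter().println(cart == null ? 0 : cart.size());
        }
    }
}
```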