001 /** 002 * 003 * Copyright 2003-2004 The Apache Software Foundation 004 * 005 * Licensed under the Apache License, Version 2.0 (the "License"); 006 * you may not use this file except in compliance with the License. 007 * You may obtain a copy of the License at 008 * 009 * http://www.apache.org/licenses/LICENSE-2.0 010 * 011 * Unless required by applicable law or agreed to in writing, software 012 * distributed under the License is distributed on an "AS IS" BASIS, 013 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. 014 * See the License for the specific language governing permissions and 015 * limitations under the License. 016 */ 017 018 // 019 // This source code implements specifications defined by the Java 020 // Community Process. In order to remain compliant with the specification 021 // DO NOT add / change / or delete method signatures! 022 // 023 024 package javax.servlet.http; 025 026 import java.util.Enumeration; 027 import javax.servlet.ServletContext; 028 029 /** 030 * Provides a way to identify a user across more than one page 031 * request or visit to a Web site and to store information about that user. 032 * 033 * <p>The servlet container uses this interface to create a session 034 * between an HTTP client and an HTTP server. The session persists 035 * for a specified time period, across more than one connection or 036 * page request from the user. A session usually corresponds to one 037 * user, who may visit a site many times. The server can maintain a 038 * session in many ways such as using cookies or rewriting URLs. 039 * 040 * <p>This interface allows servlets to 041 * <ul> 042 * <li>View and manipulate information about a session, such as 043 * the session identifier, creation time, and last accessed time 044 * <li>Bind objects to sessions, allowing user information to persist 045 * across multiple user connections 046 * </ul> 047 * 048 * <p>When an application stores an object in or removes an object from a 049 * session, the session checks whether the object implements 050 * {@link HttpSessionBindingListener}. If it does, 051 * the servlet notifies the object that it has been bound to or unbound 052 * from the session. Notifications are sent after the binding methods complete. 053 * For session that are invalidated or expire, notifications are sent after 054 * the session has been invalidatd or expired. 055 * 056 * <p> When container migrates a session between VMs in a distributed container 057 * setting, all session attributes implementing the {@link HttpSessionActivationListener} 058 * interface are notified. 059 * 060 * <p>A servlet should be able to handle cases in which 061 * the client does not choose to join a session, such as when cookies are 062 * intentionally turned off. Until the client joins the session, 063 * <code>isNew</code> returns <code>true</code>. If the client chooses 064 * not to join 065 * the session, <code>getSession</code> will return a different session 066 * on each request, and <code>isNew</code> will always return 067 * <code>true</code>. 068 * 069 * <p>Session information is scoped only to the current web application 070 * (<code>ServletContext</code>), so information stored in one context 071 * will not be directly visible in another. 072 * 073 * @see HttpSessionBindingListener 074 * @see HttpSessionContext 075 * 076 * @version $Rev: 46019 $ $Date: 2004-09-14 02:56:06 -0700 (Tue, 14 Sep 2004) $ 077 */ 078 public interface HttpSession { 079 /** 080 * Returns the time when this session was created, measured 081 * in milliseconds since midnight January 1, 1970 GMT. 082 * 083 * @return a <code>long</code> specifying when this session was created, 084 * expressed in milliseconds since 1/1/1970 GMT 085 * 086 * @exception IllegalStateException if this method is called on an 087 * invalidated session 088 */ 089 public long getCreationTime(); 090 091 /** 092 * Returns a string containing the unique identifier assigned to this 093 * session. The identifier is assigned by the servlet container and is 094 * implementation dependent. 095 * 096 * @return a string specifying the identifier assigned to this session 097 * 098 * @exception IllegalStateException if this method is called on an 099 * invalidated session 100 */ 101 public String getId(); 102 103 /** 104 * Returns the last time the client sent a request associated with 105 * this session, as the number of milliseconds since midnight 106 * January 1, 1970 GMT, and marked by the time the container received the request. 107 * 108 * <p>Actions that your application takes, such as getting or setting 109 * a value associated with the session, do not affect the access 110 * time. 111 * 112 * @return a <code>long</code> representing the last time the client sent 113 * a request associated with this session, expressed in milliseconds since 114 * 1/1/1970 GMT 115 * 116 * @exception IllegalStateException if this method is called on an 117 * invalidated session 118 */ 119 public long getLastAccessedTime(); 120 121 /** 122 * Returns the ServletContext to which this session belongs. 123 * 124 * @return The ServletContext object for the web application 125 * @since Servlet 2.3 126 */ 127 public ServletContext getServletContext(); 128 129 /** 130 * Specifies the time, in seconds, between client requests before the 131 * servlet container will invalidate this session. A negative time 132 * indicates the session should never timeout. 133 * 134 * @param interval An integer specifying the number of seconds 135 */ 136 public void setMaxInactiveInterval(int interval); 137 138 /** 139 * Returns the maximum time interval, in seconds, that 140 * the servlet container will keep this session open between 141 * client accesses. After this interval, the servlet container 142 * will invalidate the session. The maximum time interval can be set 143 * with the <code>setMaxInactiveInterval</code> method. 144 * A negative time indicates the session should never timeout. 145 * 146 * @return an integer specifying the number of seconds this session 147 * remains open between client requests 148 * 149 * @see #setMaxInactiveInterval 150 */ 151 public int getMaxInactiveInterval(); 152 153 /** 154 * @deprecated As of Version 2.1, this method is deprecated and has no 155 * replacement. It will be removed in a future version of the Java Servlet 156 * API. 157 */ 158 public HttpSessionContext getSessionContext(); 159 160 /** 161 * Returns the object bound with the specified name in this session, or 162 * <code>null</code> if no object is bound under the name. 163 * 164 * @param name a string specifying the name of the object 165 * 166 * @return the object with the specified name 167 * 168 * @exception IllegalStateException if this method is called on an 169 * invalidated session 170 */ 171 public Object getAttribute(String name); 172 173 /** 174 * @deprecated As of Version 2.2, this method is replaced by 175 * {@link #getAttribute}. 176 * 177 * @param name a string specifying the name of the object 178 * 179 * @return the object with the specified name 180 * 181 * @exception IllegalStateException if this method is called on an 182 * invalidated session 183 */ 184 public Object getValue(String name); 185 186 /** 187 * Returns an <code>Enumeration</code> of <code>String</code> objects 188 * containing the names of all the objects bound to this session. 189 * 190 * @return an <code>Enumeration</code> of <code>String</code> objects 191 * specifying the names of all the objects bound to this session 192 * 193 * @exception IllegalStateException if this method is called on an 194 * invalidated session 195 */ 196 public Enumeration getAttributeNames(); 197 198 /** 199 * @deprecated As of Version 2.2, this method is replaced by 200 * {@link #getAttributeNames} 201 * 202 * @return an array of <code>String</code> objects specifying the names of 203 * all the objects bound to this session 204 * 205 * @exception IllegalStateException if this method is called on an 206 * invalidated session 207 */ 208 public String[] getValueNames(); 209 210 /** 211 * Binds an object to this session, using the name specified. If an object 212 * of the same name is already bound to the session, the object is 213 * replaced. 214 * 215 * <p>After this method executes, and if the new object implements 216 * <code>HttpSessionBindingListener</code>, the container calls 217 * <code>HttpSessionBindingListener.valueBound</code>. The container then 218 * notifies any <code>HttpSessionAttributeListener</code>s in the web 219 * application. 220 * 221 * <p>If an object was already bound to this session of this name 222 * that implements <code>HttpSessionBindingListener</code>, its 223 * <code>HttpSessionBindingListener.valueUnbound</code> method is called. 224 * 225 * <p>If the value passed in is null, this has the same effect as calling 226 * <code>removeAttribute()<code>. 227 * 228 * @param name the name to which the object is bound; cannot be null 229 * 230 * @param value the object to be bound 231 * 232 * @exception IllegalStateException if this method is called on an 233 * invalidated session 234 */ 235 public void setAttribute(String name, Object value); 236 237 /** 238 * @deprecated As of Version 2.2, this method is replaced by 239 * {@link #setAttribute} 240 * 241 * @param name the name to which the object is bound; cannot be null 242 * 243 * @param value the object to be bound; cannot be null 244 * 245 * @exception IllegalStateException if this method is called on an 246 * invalidated session 247 */ 248 public void putValue(String name, Object value); 249 250 /** 251 * Removes the object bound with the specified name from this session. 252 * If the session does not have an object bound with the specified name, 253 * this method does nothing. 254 * 255 * <p>After this method executes, and if the object implements 256 * <code>HttpSessionBindingListener</code>, the container calls 257 * <code>HttpSessionBindingListener.valueUnbound</code>. The container 258 * then notifies any <code>HttpSessionAttributeListener</code>s in the web 259 * application. 260 * 261 * @param name the name of the object to remove from this session 262 * 263 * @exception IllegalStateException if this method is called on an 264 * invalidated session 265 */ 266 public void removeAttribute(String name); 267 268 /** 269 * @deprecated As of Version 2.2, this method is replaced by 270 * {@link #removeAttribute} 271 * 272 * @param name the name of the object to remove from this session 273 * 274 * @exception IllegalStateException if this method is called on an 275 * invalidated session 276 */ 277 public void removeValue(String name); 278 279 /** 280 * Invalidates this session then unbinds any objects bound to it. 281 * 282 * @exception IllegalStateException if this method is called on an already 283 * invalidated session 284 */ 285 public void invalidate(); 286 287 /** 288 * Returns <code>true</code> if the client does not yet know about the 289 * session or if the client chooses not to join the session. For 290 * example, if the server used only cookie-based sessions, and 291 * the client had disabled the use of cookies, then a session would 292 * be new on each request. 293 * 294 * @return <code>true</code> if the server has created a session, but the 295 * client has not yet joined 296 * 297 * @exception IllegalStateException if this method is called on an already 298 * invalidated session 299 */ 300 public boolean isNew(); 301 } 302