public interface Session
Request.session()
.
Sessions have a lot of uses cases but most commons are: auth, store information about current
user, etc.
Session timeout is defined by the application.session.timeout
property, by default a
session will be invalidated after 1800 seconds (30 minutes) of inactivity. Alternative, you can
set session timeout from Session.Definition.timeout(int)
.
Session data can be persisted, in order to do that you must provide an implementation of
Session.Store
. Sessions are kept in memory, by default.
The application.session.saveInterval
property indicates how frequently a session
will be persisted. Again, it will be persisted at the time a request exit.
In short, a session is persisted when: 1) are dirty; or 2) save interval is expired it.
Finally, the application.session.preseverOnStop
indicates whenever existing session
need to be store at exit time (persisted) or not (invalidated). By default session are preserved
on stop.
A cookie will be created when a session is created. Cookie is signed using
application.secret
. For dev env
the default secret is set to the
location of the Jooby class. For others an application.secret
MUST be set, otherwise
the application will fail at startup.
The application.session.cookie.name
indicates the name of the cookie that hold the
session ID, by defaults: jooby.sid
. Cookie's name can be explicitly set with
Cookie.Definition.name(String)
on Session.Definition.cookie()
.
The application.session.cookie.maxAge
sets the maximum age in seconds. A positive
value indicates that the cookie will expire after that many seconds have passed. Note that the
value is the maximum age when the cookie will expire, not the cookie's current age.
A negative value means that the cookie is not stored persistently and will be deleted when the
Web browser exits. A zero value causes the cookie to be deleted.
Default maxAge is: -1
.
Cookie's name can be explicitly set with Cookie.Definition.name(String)
on
Session.Definition.cookie()
.
A session cookie is marked as secure and httpOnly.
Please note that session data is NOT persisted in the cookie, just the session ID. If need to
persist a session, see Session.Store
Modifier and Type | Interface and Description |
---|---|
static class |
Session.Definition
Hold session related configuration parameters.
|
static interface |
Session.Store
Read, save and delete sessions from a persistent storage.
|
Modifier and Type | Field and Description |
---|---|
static org.slf4j.Logger |
log
Logger logs, man.
|
Modifier and Type | Method and Description |
---|---|
long |
accessedAt()
The last time the client sent a request associated with this session, as the number of
milliseconds since midnight January 1, 1970 GMT, and marked by the time the container
received the request.
|
Map<String,Object> |
attributes() |
long |
createdAt() |
void |
destroy()
Invalidates this session then unset any objects bound to it.
|
long |
expiryAt() |
<T> Optional<T> |
get(String name)
Get a object from this session.
|
String |
id() |
default boolean |
isSet(String name)
Test if the var name exists inside the session local attributes.
|
Session |
set(String name,
Object value)
Set a session local using a the given name.
|
Session |
unset()
Unset/remove all the session data.
|
<T> Optional<T> |
unset(String name)
Remove a local value (if any) from session locals.
|
long createdAt()
long accessedAt()
Actions that your application takes, such as getting or setting a value associated with the session, do not affect the access time.
long expiryAt()
@Nonnull <T> Optional<T> get(@Nonnull String name)
T
- Target type.name
- A local var's name.default boolean isSet(@Nonnull String name)
name
- A local var's name.@Nonnull Session set(@Nonnull String name, @Nonnull Object value)
name
- A local var's name.value
- A local values.<T> Optional<T> unset(String name)
T
- A local type.name
- A local var's name.Session unset()
void destroy()
Copyright © 2014. All rights reserved.