Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.apache.shiro.session.mgt.eis
Class MemorySessionDAO

java.lang.Object
  extended by org.apache.shiro.session.mgt.eis.AbstractSessionDAO
      extended by org.apache.shiro.session.mgt.eis.MemorySessionDAO
All Implemented Interfaces:
SessionDAO
public class MemorySessionDAO
extends AbstractSessionDAO

Simple memory-based implementation of the SessionDAO that stores all of its sessions in an in-memory ConcurrentMap. This implementation does not page to disk and is therefore unsuitable for applications that could experience a large amount of sessions and would therefore cause OutOfMemoryExceptions. It is not recommended for production use in most environments.

Memory Restrictions

If your application is expected to host many sessions beyond what can be stored in the memory available to the JVM, it is highly recommended to use a different SessionDAO implementation which uses a more expansive or permanent backing data store.

In this case, it is recommended to instead use a custom CachingSessionDAO implementation that communicates with a higher-capacity data store of your choice (file system, database, etc).

Changes in 1.0

This implementation prior to 1.0 used to subclass the CachingSessionDAO, but this caused problems with many cache implementations that would expunge entries due to TTL settings, resulting in Sessions that would be randomly (and permanently) lost. The Shiro 1.0 release refactored this implementation to be 100% memory-based (without Cache usage to avoid this problem.

Since:
0.1
See Also:
CachingSessionDAO

Constructor Summary
MemorySessionDAO()
           
 
Method Summary
 void delete(Session session)
          Deletes the associated EIS record of the specified session.
protected  Serializable doCreate(Session session)
          Subclass hook to actually persist the given Session instance to the underlying EIS.
protected  Session doReadSession(Serializable sessionId)
          Subclass implementation hook that retrieves the Session object from the underlying EIS or null if a session with that ID could not be found.
 Collection<Session> getActiveSessions()
          Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired.
protected  Session storeSession(Serializable id, Session session)
           
 void update(Session session)
          Updates (persists) data from a previously created Session instance in the EIS identified by {@link Session#getId() session.getId()}.
 
Methods inherited from class org.apache.shiro.session.mgt.eis.AbstractSessionDAO
assignSessionId, create, generateSessionId, getSessionIdGenerator, readSession, setSessionIdGenerator
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Constructor Detail

MemorySessionDAO

public MemorySessionDAO()
Method Detail

doCreate

protected Serializable doCreate(Session session)
Description copied from class: AbstractSessionDAO
Subclass hook to actually persist the given Session instance to the underlying EIS.

Specified by:
doCreate in class AbstractSessionDAO
Parameters:
session - the Session instance to persist to the EIS.
Returns:
the id of the session created in the EIS (i.e. this is almost always a primary key and should be the value returned from Session.getId().

storeSession

protected Session storeSession(Serializable id,
                               Session session)

doReadSession

protected Session doReadSession(Serializable sessionId)
Description copied from class: AbstractSessionDAO
Subclass implementation hook that retrieves the Session object from the underlying EIS or null if a session with that ID could not be found.

Specified by:
doReadSession in class AbstractSessionDAO
Parameters:
sessionId - the id of the Session to retrieve.
Returns:
the Session in the EIS identified by sessionId or null if a session with that ID could not be found.

update

public void update(Session session)
            throws UnknownSessionException
Description copied from interface: SessionDAO
Updates (persists) data from a previously created Session instance in the EIS identified by {@link Session#getId() session.getId()}. This effectively propagates the data in the argument to the EIS record previously saved.

In addition to UnknownSessionException, implementations are free to throw any other exceptions that might occur due to integrity violation constraints or other EIS related errors.

Parameters:
session - the Session to update
Throws:
UnknownSessionException - if no existing EIS session record exists with the identifier of session.getSessionId()

delete

public void delete(Session session)
Description copied from interface: SessionDAO
Deletes the associated EIS record of the specified session. If there never existed a session EIS record with the identifier of session.getId(), then this method does nothing.

Parameters:
session - the session to delete.

getActiveSessions

public Collection<Session> getActiveSessions()
Description copied from interface: SessionDAO
Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired. This is primarily used to validate potential orphans.

If there are no active sessions in the EIS, this method may return an empty collection or null.

Performance

This method should be as efficient as possible, especially in larger systems where there might be thousands of active sessions. Large scale/high performance implementations will often return a subset of the total active sessions and perform validation a little more frequently, rather than return a massive set and validate infrequently. If efficient and possible, it would make sense to return the oldest unstopped sessions available, ordered by lastAccessTime.

Smart Results

Ideally this method would only return active sessions that the EIS was certain should be invalided. Typically that is any session that is not stopped and where its lastAccessTimestamp is older than the session timeout.

For example, if sessions were backed by a relational database or SQL-92 'query-able' enterprise cache, you might return something similar to the results returned by this query (assuming SimpleSessions were being stored): 

 select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null
where the ? parameter is a date instance equal to 'now' minus the session timeout (e.g. now - 30 minutes).

Returns:
a Collection of Sessions that are considered active, or an empty collection or null if there are no active sessions.
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.