org.apache.shiro.session.mgt.eis
Interface SessionDAO

All Known Implementing Classes:
AbstractSessionDAO, CachingSessionDAO, EnterpriseCacheSessionDAO, MemorySessionDAO

public interface SessionDAO

Data Access Object design pattern specification to enable Session access to an EIS (Enterprise Information System). It provides your four typical CRUD methods: create(org.apache.shiro.session.Session), readSession(java.io.Serializable), update(org.apache.shiro.session.Session), and delete(org.apache.shiro.session.Session).

The remaining getActiveSessions() method exists as a support mechanism to pre-emptively orphaned sessions, typically by ValidatingSessionManagers), and should be as efficient as possible, especially if there are thousands of active sessions. Large scale/high performance implementations will often return a subset of the total active sessions and perform validation a little more frequently, rather than return a massive set and infrequently validate.

Since:
0.1

Method Summary
 Serializable create(Session session)
          Inserts a new Session record into the underling EIS (e.g.
 void delete(Session session)
          Deletes the associated EIS record of the specified session.
 Collection<Session> getActiveSessions()
          Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired.
 Session readSession(Serializable sessionId)
          Retrieves the session from the EIS uniquely identified by the specified sessionId.
 void update(Session session)
          Updates (persists) data from a previously created Session instance in the EIS identified by {@link Session#getId() session.getId()}.
 

Method Detail

create

Serializable create(Session session)
Inserts a new Session record into the underling EIS (e.g. Relational database, file system, persistent cache, etc, depending on the DAO implementation).

After this method is invoked, the Session.getId() method executed on the argument must return a valid session identifier. That is, the following should always be true:

 Serializable id = create( session );
 id.equals( session.getId() ) == true

Implementations are free to throw any exceptions that might occur due to integrity violation constraints or other EIS related errors.

Parameters:
session - the Session object to create in the EIS.
Returns:
the EIS id (e.g. primary key) of the created Session object.

readSession

Session readSession(Serializable sessionId)
                    throws UnknownSessionException
Retrieves the session from the EIS uniquely identified by the specified sessionId.

Parameters:
sessionId - the system-wide unique identifier of the Session object to retrieve from the EIS.
Returns:
the persisted session in the EIS identified by sessionId.
Throws:
UnknownSessionException - if there is no EIS record for any session with the specified sessionId

update

void update(Session session)
            throws UnknownSessionException
Updates (persists) data from a previously created Session instance in the EIS identified by {@link Session#getId() session.getId()}. This effectively propagates the data in the argument to the EIS record previously saved.

In addition to UnknownSessionException, implementations are free to throw any other exceptions that might occur due to integrity violation constraints or other EIS related errors.

Parameters:
session - the Session to update
Throws:
UnknownSessionException - if no existing EIS session record exists with the identifier of session.getSessionId()

delete

void delete(Session session)
Deletes the associated EIS record of the specified session. If there never existed a session EIS record with the identifier of session.getId(), then this method does nothing.

Parameters:
session - the session to delete.

getActiveSessions

Collection<Session> getActiveSessions()
Returns all sessions in the EIS that are considered active, meaning all sessions that haven't been stopped/expired. This is primarily used to validate potential orphans.

If there are no active sessions in the EIS, this method may return an empty collection or null.

Performance

This method should be as efficient as possible, especially in larger systems where there might be thousands of active sessions. Large scale/high performance implementations will often return a subset of the total active sessions and perform validation a little more frequently, rather than return a massive set and validate infrequently. If efficient and possible, it would make sense to return the oldest unstopped sessions available, ordered by lastAccessTime.

Smart Results

Ideally this method would only return active sessions that the EIS was certain should be invalided. Typically that is any session that is not stopped and where its lastAccessTimestamp is older than the session timeout.

For example, if sessions were backed by a relational database or SQL-92 'query-able' enterprise cache, you might return something similar to the results returned by this query (assuming SimpleSessions were being stored):

 select * from sessions s where s.lastAccessTimestamp < ? and s.stopTimestamp is null
 
where the ? parameter is a date instance equal to 'now' minus the session timeout (e.g. now - 30 minutes).

Returns:
a Collection of Sessions that are considered active, or an empty collection or null if there are no active sessions.


Copyright © 2004-2012 The Apache Software Foundation. All Rights Reserved.