Class Session
- All Implemented Interfaces:
Serializable
,IEventSink
,IFeedbackContributor
,IMetadataContext<Serializable,
,Session> IClusterable
- Direct Known Subclasses:
WebSession
- Access - the Session can be retrieved either by
Component.getSession()
or by directly calling the static method Session.get(). All classes which extend directly or indirectlyWebMarkupContainer
can also use its convenience methodWebMarkupContainer.getWebSession()
- Locale - A session has a Locale property to support localization. The Locale for a
session can be set by calling
setLocale(Locale)
. The Locale for a Session determines how localized resources are found and loaded. - Style - Besides having an appearance based on locale, resources can also have different looks in the same locale (a.k.a. "skins"). The style for a session determines the look which is used within the appropriate locale. The session style ("skin") can be set with the setStyle() method.
- Resource Loading - Based on the Session locale and style, searching for resources
occurs in the following order (where sourcePath is set via the ApplicationSettings object for the
current Application, and style and locale are Session properties):
- [sourcePath]/name[style][locale].[extension]
- [sourcePath]/name[locale].[extension]
- [sourcePath]/name[style].[extension]
- [sourcePath]/name.[extension]
- [classPath]/name[style][locale].[extension]
- [classPath]/name[locale].[extension]
- [classPath]/name[style].[extension]
- [classPath]/name.[extension]
- Session Properties - Arbitrary objects can be attached to a Session by installing a
session factory on your Application class which creates custom Session subclasses that have
typesafe properties specific to the application (see
Application
for details). To discourage non-typesafe access to Session properties, no setProperty() or getProperty() method is provided. In a clustered environment, you should take care to call the dirty() method when you change a property on your own. This way the session will be reset again in the http session so that the http session knows the session is changed. - Class Resolver - Sessions have a class resolver (
IClassResolver
) implementation that is used to locate classes for components such as pages. - Page Factory - A pluggable implementation of
IPageFactory
is used to instantiate pages for the session. - Removal - Pages can be removed from the Session forcibly by calling clear(), although such an action should rarely be necessary.
- Flash Messages - Flash messages are messages that are stored in session and are removed after they are displayed to the user. Session acts as a store for these messages because they can last across requests.
- Author:
- Jonathan Locke, Eelco Hillenius, Igor Vaynberg (ivaynberg)
- See Also:
-
Field Summary
Modifier and TypeFieldDescriptionprotected ClientInfo
Cached instance of agent info which is typically designated by callinggetClientInfo()
.static final String
Name of session attribute under which this session is stored -
Constructor Summary
-
Method Summary
Modifier and TypeMethodDescriptionfinal void
bind()
Force binding this session to the application'ssession store
if not already done so.void
Change the id of the underlying (Web)Session if this last one is permanent.final void
clear()
Removes all pages from the session.final void
debug
(Serializable message) Registers an debug feedback message for this sessionvoid
detach()
Any detach logic for session subclasses.final void
dirty()
Marks session state as dirty so that it will be (re)stored in the ISessionStore at the end of the request.final void
dirty
(boolean forced) Marks session state as dirty so that it will be re-stored in the ISessionStore at the end of the request.void
End the current request.final void
error
(Serializable message) Registers an error feedback message for this sessionstatic boolean
exists()
Checks existence of aSession
associated with the current thread.final void
fatal
(Serializable message) Registers an fatal feedback message for this sessionprotected abstract String
Change the id of the underlying (Web)Session.static Session
get()
Returns session associated to current thread.final Application
Get the application that is currently working with this session.final Serializable
getAttribute
(String name) Gets the attribute value with the given namefinal IClassResolver
abstract ClientInfo
Gets the client info object for this session.final FeedbackMessages
Gets feedback messages stored in sessionfinal String
getId()
Gets the unique id for this session from the underlying SessionStore.Get this session's locale.final <M extends Serializable>
MgetMetaData
(MetaDataKey<M> key) Gets metadata for this session using the given key.final IPageManager
Returns theIPageManager
instance.protected ISessionStore
Gets the session store.final long
final String
getStyle()
Get the style (seeSession
).final void
info
(Serializable message) Registers an informational feedback message for this sessionvoid
NOT PART OF PUBLIC API, DO NOT CALL Detaches internal state ofSession
void
Invalidates this session at the end of the current request.void
Invalidates this session immediately.static boolean
isRtlLanguage
(Locale locale) Check if a BCP 47 / III language code indicates an RTL (right-to-left) language, i.e.boolean
Method to determine if language of current locale is RTL (right-to-left) or notfinal boolean
Whether the session is invalid now, or will be invalidated by the end of the request.final boolean
Whether this session is temporary.protected PageAccessSynchronizer
newPageAccessSynchronizer
(Duration timeout) Factory method for PageAccessSynchronizer instancesint
int
Retrieves the next available session-unique valuevoid
Called when an event is sent to this sinkvoid
A callback method that is executed when the user session is invalidated either by explicit call toinvalidate()
or due to HttpSession expiration.final void
removeAttribute
(String name) Removes the attribute with the given name.void
Replaces the underlying (Web)Session, invalidating the current one and creating a new one.final Session
setAttribute
(String name, Serializable value) Adds or replaces the attribute with the given name and value.final Session
setClientInfo
(ClientInfo clientInfo) THIS METHOD IS NOT PART OF THE WICKET PUBLIC API.Set the locale for this session.final <M extends Serializable>
SessionsetMetaData
(MetaDataKey<M> key, M object) Sets the metadata for this session using the given key.final Session
Set the style (seeSession
).final void
success
(Serializable message) Registers an success feedback message for this sessionfinal void
warn
(Serializable message) Registers a warning feedback message for this session
-
Field Details
-
SESSION_ATTRIBUTE_NAME
Name of session attribute under which this session is stored- See Also:
-
clientInfo
Cached instance of agent info which is typically designated by callinggetClientInfo()
.
-
-
Constructor Details
-
Session
Constructor. Note thatRequestCycle
is not available until this constructor returns.- Parameters:
request
- The current request
-
-
Method Details
-
exists
Checks existence of aSession
associated with the current thread.- Returns:
true
ifget()
can return the instance of session,false
otherwise
-
get
Returns session associated to current thread. Always returns a session during a request cycle, even though the session might be temporary- Returns:
- session.
-
isRtlLanguage
Check if a BCP 47 / III language code indicates an RTL (right-to-left) language, i.e. either: - a language code explicitly specifying one of the right-to-left scripts, e.g. "az-Arab", or- a language code specifying one of the languages normally written in a right-to-left script, e.g. "fa" (Farsi), except ones explicitly specifying Latin or Cyrillic script (which are the usual LTR (left-to-right) alternatives).
The list of right-to-left scripts appears in the 100-199 range in, of which Arabic and Hebrew are by far the most widely used. We also recognize Thaana, N'Ko, and Tifinagh, which also have significant modern usage. The rest (Syriac, Samaritan, Mandaic, etc.) seem to have extremely limited or no modern usage and are not recognized. The languages usually written in a right-to-left script are taken as those with Suppress-Script: Hebr|Arab|Thaa|Nkoo|Tfng, as well as Sindhi (sd) and Uyghur (ug). The presence of other subtags of the language code, e.g. regions like EG (Egypt), is ignored.
- Parameters:
locale
- - locale to check- Returns:
true
in case passed locale is right-to-left
-
bind
Force binding this session to the application'ssession store
if not already done so.A Wicket application can operate in a session-less mode as long as stateless pages are used. Session objects will be then created for each request, but they will only live for that request. You can recognize temporary sessions by calling
isTemporary()
which basically checks whether the session's id is null. Hence, temporary sessions have no session id.By calling this method, the session will be bound (made not-temporary) if it was not bound yet. It is useful for cases where you want to be absolutely sure this session object will be available in next requests. If the session was already bound (
returns a session
), this call will be a noop. -
clear
Removes all pages from the session. Although this method should rarely be needed, it is available (possibly for security reasons). -
error
Registers an error feedback message for this session- Specified by:
error
in interfaceIFeedbackContributor
- Parameters:
message
- The feedback message
-
fatal
Registers an fatal feedback message for this session- Specified by:
fatal
in interfaceIFeedbackContributor
- Parameters:
message
- The feedback message
-
debug
Registers an debug feedback message for this session- Specified by:
debug
in interfaceIFeedbackContributor
- Parameters:
message
- The feedback message
-
getApplication
Get the application that is currently working with this session.- Returns:
- Returns the application.
-
getAuthorizationStrategy
- Returns:
- The authorization strategy for this session
-
getClassResolver
- Returns:
- The class resolver for this Session
-
getClientInfo
Gets the client info object for this session. This method lazily gets the new agent info object for this session. It uses any cached or set (setClientInfo(ClientInfo)
) client info object.- Returns:
- the client info object based on this request
-
getFeedbackMessages
Gets feedback messages stored in session- Returns:
- unmodifiable list of feedback messages
-
getId
Gets the unique id for this session from the underlying SessionStore. May benull
if a concrete session is not yet created.- Returns:
- The unique id for this session or null if it is a temporary session
-
getLocale
Get this session's locale.- Returns:
- This session's locale
-
getMetaData
Gets metadata for this session using the given key.- Specified by:
getMetaData
in interfaceIMetadataContext<Serializable,
Session> - Type Parameters:
M
- The type of the metadata.- Parameters:
key
- The key for the data- Returns:
- The metadata
- See Also:
-
getPageFactory
- Returns:
- The page factory for this session
-
getSizeInBytes
- Returns:
- Size of this session
-
getStyle
Get the style (seeSession
).- Returns:
- Returns the style (see
Session
)
-
info
Registers an informational feedback message for this session- Specified by:
info
in interfaceIFeedbackContributor
- Parameters:
message
- The feedback message
-
success
Registers an success feedback message for this session- Specified by:
success
in interfaceIFeedbackContributor
- Parameters:
message
- The feedback message
-
invalidate
Invalidates this session at the end of the current request. If you need to invalidate the session immediately, you can do this by calling invalidateNow(), however this will remove all Wicket components from this session, which means that you will no longer be able to work with them. -
invalidateNow
Invalidates this session immediately. Calling this method will remove all Wicket components from this session, which means that you will no longer be able to work with them. -
replaceSession
Replaces the underlying (Web)Session, invalidating the current one and creating a new one. By callingISessionStore.invalidate(Request)
andbind()
If you are looking for a mean against session fixation attack, consider to usechangeSessionId()
. -
isSessionInvalidated
Whether the session is invalid now, or will be invalidated by the end of the request. Clients should rarely need to use this method if ever.- Returns:
- Whether the session is invalid when the current request is done
- See Also:
-
isTemporary
Whether this session is temporary. A Wicket application can operate in a session-less mode as long as stateless pages are used. If this session object is temporary, it will not be available on a next request.- Returns:
- Whether this session is temporary (which is the same as it's id being null)
-
setClientInfo
THIS METHOD IS NOT PART OF THE WICKET PUBLIC API. DO NOT CALL IT.Sets the client info object for this session. This will only work when
getClientInfo()
is not overridden.- Parameters:
clientInfo
- the client info object
-
setLocale
Set the locale for this session.- Parameters:
locale
- New locale
-
isRtlLocale
Method to determine if language of current locale is RTL (right-to-left) or not- Returns:
true
if language of session locale is RTL (right-to-left),false
otherwise
-
setMetaData
Sets the metadata for this session using the given key. If the metadata object is not of the correct type for the metadata key, an IllegalArgumentException will be thrown. For information on creating MetaDataKeys, seeMetaDataKey
.- Specified by:
setMetaData
in interfaceIMetadataContext<Serializable,
Session> - Parameters:
key
- The singleton key for the metadataobject
- The metadata object- Throws:
IllegalArgumentException
- See Also:
-
setStyle
Set the style (seeSession
).- Parameters:
style
- The style to set.- Returns:
- the Session object
-
warn
Registers a warning feedback message for this session- Specified by:
warn
in interfaceIFeedbackContributor
- Parameters:
message
- The feedback message
-
endRequest
End the current request. -
detach
Any detach logic for session subclasses. This is called on the end of handling a request, when the RequestCycle is about to be detached from the current thread. -
internalDetach
NOT PART OF PUBLIC API, DO NOT CALL Detaches internal state ofSession
-
dirty
Marks session state as dirty so that it will be (re)stored in the ISessionStore at the end of the request. Note: binds the session if it is temporary -
dirty
Marks session state as dirty so that it will be re-stored in the ISessionStore at the end of the request.- Parameters:
forced
- A flag indicating whether the session should be marked as dirty even when it is temporary. Iftrue
the Session will be bound.
-
getAttribute
Gets the attribute value with the given name- Parameters:
name
- The name of the attribute to store- Returns:
- The value of the attribute
-
getAttributeNames
- Returns:
- List of attributes for this session
-
getSessionStore
Gets the session store.- Returns:
- the session store
-
removeAttribute
Removes the attribute with the given name.- Parameters:
name
- the name of the attribute to remove
-
setAttribute
Adds or replaces the attribute with the given name and value.- Parameters:
name
- The name of the attributevalue
- The value of the attribute
-
nextSequenceValue
Retrieves the next available session-unique value- Returns:
- session-unique value
-
nextPageId
- Returns:
- the next page id
-
getPageManager
Returns theIPageManager
instance.- Returns:
IPageManager
instance.
-
onEvent
Called when an event is sent to this sink- Specified by:
onEvent
in interfaceIEventSink
-
onInvalidate
A callback method that is executed when the user session is invalidated either by explicit call toinvalidate()
or due to HttpSession expiration.In case of session expiration this method is called in a non-worker thread, i.e. there are no thread locals exported for the Application, RequestCycle and Session. The Session is the current instance. The Application can be found by using
Application.get(String)
. There is no way to get a reference to a RequestCycle -
changeSessionId
Change the id of the underlying (Web)Session if this last one is permanent.Call upon login to protect against session fixation.
- See Also:
-
- "http://www.owasp.org/index.php/Session_Fixation"
-
generateNewSessionId
Change the id of the underlying (Web)Session.- Returns:
- the new session id value.
-
newPageAccessSynchronizer
Factory method for PageAccessSynchronizer instances- Parameters:
timeout
- The configured timeout. SeeRequestCycleSettings.getTimeout()
- Returns:
- A new instance of PageAccessSynchronizer
-