Could someone tell me how I can customize session management?
The HttpSession has a lot of features, but I would like to add some of my customized methods and attributes to the session. I can't extend HttpSession as it is an interface.
So what can I do?
The only solution that I came up with is if I make my own session management and that would be a lot of work and problem.
What kind of functionality do you want to add? Would it be easier to just decorate the regular HttpSession object and create a servlet base class that uses it?
I wanted to have other ids besides the session id. eg: view id -> that changes for every view during a session. And methods for lets say keeping track of roles and permissions for a username.
One way of achieving this was by setting an attribute called viewID and similarly other setattributes. But is there a way in which I could have this as an actual attribute of the httpsession class?
Basically, I wanted to expand the functionality of the httpsession object.
Yeah, I don't really see the need for what you're trying to do either, or at least not in the way you're trying to do it. As I suggested previously, if you want a bunch of this "magic" stuff to happen, abstract it away, put it in a filter or base servlet or somewhere. This also has the benefit of working across deployment environments.
It is certainly possible to create your own "session" management - Just:
1. Define the class that does all you want, make it Serializable so the individual user sessions can be stored on disk or in a database.
2. On initial entry of your user, create an instance and give it a unique id string that is also a valid file name and write it to disk
3. IF you want to use the servlet session mechanism at all, store the id in the user's session, otherwise use the cookie mechanism to ensure that every user request will contain the unique id.
4. On subsequent requests recover the serialized object, modify and re-write.
Add some caching and you will have duplicated the servlet session with your own code. An interesting programming exercise but probably not necessary.
A session is begun when servlet (or filter) code invokes the HttpServletRequest.getSession() method. And that time web container generates unique id as name JSESSIONID and embeded as value of a cookie
SCJP1.4 certified, IBM SOA Solution Designer[2007]
I agree. Here's the link: http://ej-technologies/jprofiler - if it wasn't for jprofiler, we would need to
run our stuff on 16 servers instead of 3.
0
