表1 Session接口说明
方法 | 描述 |
getCreationTime()/setCreationTime(time : long) | 获取与设置Session的创建时间 |
getId()/setId(id : String) | 获取与设置Session的ID |
getThisAccessedTime() | 获取最近一次请求的开始时间 |
getLastAccessedTime() | 获取最近一次请求的完成时间 |
getManager()/setManager(manager : Manager) | 获取与设置Session管理器 |
getMaxInactiveInterval()/setMaxInactiveInterval(interval : int) | 获取与设置Session的最大访问间隔 |
getSession() | 获取HttpSession |
isValid()/setValid(isValid : boolean) | 获取与设置Session的有效状态 |
access()/endAccess() | 开始与结束Session的访问 |
expire() | 设置Session过期 |
表2 HttpSession接口说明
方法 | 描述 |
getCreationTime() | 获取Session的创建时间 |
getId() | 获取Session的ID |
getLastAccessedTime() | 获取最近一次请求的完成时间 |
getServletContext() | 获取当前Session所属的ServletContext |
getMaxInactiveInterval()/setMaxInactiveInterval(interval : int) | 获取与设置Session的最大访问间隔 |
getAttribute(name : String) /setAttribute(name : String, value : Object) | 获取与设置Session作用域的属性 |
removeAttribute(name : String) | 清除Session作用域的属性 |
invalidate() | 使Session失效并解除任何与此Session绑定的对象 |
表3 ClusterSession接口说明
方法 | 描述 |
isPrimarySession() | 是否是集群的主Session |
setPrimarySession(boolean primarySession) | 设置集群主Session |
StandardSession:标准的HTTP Session实现,本文将以此实现为例展开。
图2 Session管理器的类继承体系
表4 Manager接口说明
方法 | 描述 |
getContainer() setContainer(container : Container) | 获取或设置Session管理器关联的容器,一般为Context容器 |
getDistributable() setDistributable(distributable : boolean) | 获取或设置Session管理器是否支持分布式 |
getMaxInactiveInterval() setMaxInactiveInterval(interval : int) | 获取或设置Session管理器创建的Session的最大非活动时间间隔 |
getSessionIdLength() setSessionIdLength(idLength : int) | 获取或设置Session管理器创建的Session ID的长度 |
getSessionCounter() setSessionCounter(sessionCounter : long) | 获取或设置Session管理器创建的Session总数 |
getMaxActive() setMaxActive(maxActive : int) | 获取或设置当前已激活Session的最大数量 |
getActiveSessions() | 获取当前激活的所有Session |
getExpiredSessions() setExpiredSessions(expiredSessions : long) | 获取或设置当前已过期Session的数量 |
getRejectedSessions() setRejectedSessions(rejectedSessions : int) | 获取或设置已拒绝创建Session的数量 |
getSessionMaxAliveTime() setSessionMaxAliveTime(sessionMaxAliveTime : int) | 获取或设置已过期Session中的最大活动时长 |
getSessionAverageAliveTime() setSessionAverageAliveTime(sessionAverageAliveTime : int) | 获取或设置已过期Session的平均活动时长 |
add(session : Session) remove(session : Session) | 给Session管理器增加或删除活动Session |
changeSessionId(session : Session) | 给Session设置新生成的随机Session ID |
createSession(sessionId : String) | 基于Session管理器的默认属性配置创建新的Session |
findSession(id : String) | 返回sessionId参数唯一标记的Session |
findSessions() | 返回Session管理器管理的所有活动Session |
load() unload() | 从持久化机制中加载Session或向持久化机制写入Session |
backgroundProcess() | 容器接口中定义的为具体容器在后台处理相关工作的实现,Session管理器基于此机制实现了过期Session的销毁 |
@Override protected synchronized void startInternal() throws LifecycleException { // 省略与Session管理无关的代码 // Acquire clustered manager Manager contextManager = null; if (manager == null) { if ( (getCluster() != null) && distributable) { try { contextManager = getCluster().createManager(getName()); } catch (Exception ex) { log.error("standardContext.clusterFail", ex); ok = false; } } else { contextManager = new StandardManager(); } } // Configure default manager if none was specified if (contextManager != null) { setManager(contextManager); } if (manager!=null && (getCluster() != null) && distributable) { //let the cluster know that there is a context that is distributable //and that it has its own manager getCluster().registerManager(manager); } // 省略与Session管理无关的代码 try { // Start manager if ((manager != null) && (manager instanceof Lifecycle)) { ((Lifecycle) getManager()).start(); } // Start ContainerBackgroundProcessor thread super.threadStart(); } catch(Exception e) { log.error("Error manager.start()", e); ok = false; } // 省略与Session管理无关的代码 }
@Override public synchronized final void start() throws LifecycleException { //省略状态校验的代码if (state.equals(LifecycleState.NEW)) { init(); } else if (!state.equals(LifecycleState.INITIALIZED) && !state.equals(LifecycleState.STOPPED)) { invalidTransition(Lifecycle.BEFORE_START_EVENT); } setState(LifecycleState.STARTING_PREP); try { startInternal(); } catch (LifecycleException e) { setState(LifecycleState.FAILED); throw e; } if (state.equals(LifecycleState.FAILED) || state.equals(LifecycleState.MUST_STOP)) { stop(); } else { // Shouldn‘t be necessary but acts as a check that sub-classes are // doing what they are supposed to. if (!state.equals(LifecycleState.STARTING)) { invalidTransition(Lifecycle.AFTER_START_EVENT); } setState(LifecycleState.STARTED); } }
@Override protected void initInternal() throws LifecycleException { super.initInternal(); setDistributable(((Context) getContainer()).getDistributable()); // Initialize random number generation getRandomBytes(new byte[16]); }
protected void getRandomBytes(byte bytes[]) { // Generate a byte array containing a session identifier if (devRandomSource != null && randomIS == null) { setRandomFile(devRandomSource); } if (randomIS != null) { try { int len = randomIS.read(bytes); if (len == bytes.length) { return; } if(log.isDebugEnabled()) log.debug("Got " + len + " " + bytes.length ); } catch (Exception ex) { // Ignore } devRandomSource = null; try { randomIS.close(); } catch (Exception e) { log.warn("Failed to close randomIS."); } randomIS = null; } getRandom().nextBytes(bytes); }
public void setRandomFile( String s ) { // as a hack, you can use a static file - and generate the same // session ids ( good for strange debugging ) if (Globals.IS_SECURITY_ENABLED){ randomIS = AccessController.doPrivileged(new PrivilegedSetRandomFile(s)); } else { try{ devRandomSource=s; File f=new File( devRandomSource ); if( ! f.exists() ) return; randomIS= new DataInputStream( new FileInputStream(f)); randomIS.readLong(); if( log.isDebugEnabled() ) log.debug( "Opening " + devRandomSource ); } catch( IOException ex ) { log.warn("Error reading " + devRandomSource, ex); if (randomIS != null) { try { randomIS.close(); } catch (Exception e) { log.warn("Failed to close randomIS."); } } devRandomSource = null; randomIS=null; } } }
public Random getRandom() { if (this.random == null) { // Calculate the new random number generator seed long seed = System.currentTimeMillis(); long t1 = seed; char entropy[] = getEntropy().toCharArray(); for (int i = 0; i < entropy.length; i++) { long update = ((byte) entropy[i]) << ((i % 8) * 8); seed ^= update; } try { // Construct and seed a new random number generator Class<?> clazz = Class.forName(randomClass); this.random = (Random) clazz.newInstance(); this.random.setSeed(seed); } catch (Exception e) { // Fall back to the simple case log.error(sm.getString("managerBase.random", randomClass), e); this.random = new java.util.Random(); this.random.setSeed(seed); } if(log.isDebugEnabled()) { long t2=System.currentTimeMillis(); if( (t2-t1) > 100 ) log.debug(sm.getString("managerBase.seeding", randomClass) + " " + (t2-t1)); } } return (this.random); }
@Override protected synchronized void startInternal() throws LifecycleException { // Force initialization of the random number generator if (log.isDebugEnabled()) log.debug("Force random number initialization starting"); generateSessionId(); if (log.isDebugEnabled()) log.debug("Force random number initialization completed"); // Load unloaded sessions, if any try { load(); } catch (Throwable t) { log.error(sm.getString("standardManager.managerLoad"), t); } setState(LifecycleState.STARTING); }
步骤一 调用generateSessionId方法(见代码清单8)强制初始化随机数生成器;
注意:此处调用generateSessionId方法的目的不是为了生成Session ID,而是为了强制初始化随机数生成器。
protected synchronized String generateSessionId() { byte random[] = new byte[16]; String jvmRoute = getJvmRoute(); String result = null; // Render the result as a String of hexadecimal digits StringBuilder buffer = new StringBuilder(); do { int resultLenBytes = 0; if (result != null) { buffer = new StringBuilder(); duplicates++; } while (resultLenBytes < this.sessionIdLength) { getRandomBytes(random); random = getDigest().digest(random); for (int j = 0; j < random.length && resultLenBytes < this.sessionIdLength; j++) { byte b1 = (byte) ((random[j] & 0xf0) >> 4); byte b2 = (byte) (random[j] & 0x0f); if (b1 < 10) buffer.append((char) (‘0‘ + b1)); else buffer.append((char) (‘A‘ + (b1 - 10))); if (b2 < 10) buffer.append((char) (‘0‘ + b2)); else buffer.append((char) (‘A‘ + (b2 - 10))); resultLenBytes++; } } if (jvmRoute != null) { buffer.append(‘.‘).append(jvmRoute); } result = buffer.toString(); } while (sessions.containsKey(result)); return (result); }
步骤二 加载持久化的Session信息。为什么Session需要持久化?由于在StandardManager中,所有的Session都维护在一个ConcurrentHashMap中,因此服务器重启或者宕机会造成这些Session信息丢失或失效,为了解决这个问题,Tomcat将这些Session通过持久化的方式来保证不会丢失。下面我们来看看StandardManager的load方法的实现,见代码清单9所示。
public void load() throws ClassNotFoundException, IOException { if (SecurityUtil.isPackageProtectionEnabled()){ try{ AccessController.doPrivileged( new PrivilegedDoLoad() ); } catch (PrivilegedActionException ex){ Exception exception = ex.getException(); if (exception instanceof ClassNotFoundException){ throw (ClassNotFoundException)exception; } else if (exception instanceof IOException){ throw (IOException)exception; } if (log.isDebugEnabled()) log.debug("Unreported exception in load() " + exception); } } else { doLoad(); } }
private class PrivilegedDoLoad implements PrivilegedExceptionAction<Void> { PrivilegedDoLoad() { // NOOP } public Void run() throws Exception{ doLoad(); return null; } }
protected void doLoad() throws ClassNotFoundException, IOException { if (log.isDebugEnabled()) log.debug("Start: Loading persisted sessions"); // Initialize our internal data structures sessions.clear(); // Open an input stream to the specified pathname, if any File file = file(); if (file == null) return; if (log.isDebugEnabled()) log.debug(sm.getString("standardManager.loading", pathname)); FileInputStream fis = null; BufferedInputStream bis = null; ObjectInputStream ois = null; Loader loader = null; ClassLoader classLoader = null; try { fis = new FileInputStream(file.getAbsolutePath()); bis = new BufferedInputStream(fis); if (container != null) loader = container.getLoader(); if (loader != null) classLoader = loader.getClassLoader(); if (classLoader != null) { if (log.isDebugEnabled()) log.debug("Creating custom object input stream for class loader "); ois = new CustomObjectInputStream(bis, classLoader); } else { if (log.isDebugEnabled()) log.debug("Creating standard object input stream"); ois = new ObjectInputStream(bis); } } catch (FileNotFoundException e) { if (log.isDebugEnabled()) log.debug("No persisted data file found"); return; } catch (IOException e) { log.error(sm.getString("standardManager.loading.ioe", e), e); if (fis != null) { try { fis.close(); } catch (IOException f) { // Ignore } } if (bis != null) { try { bis.close(); } catch (IOException f) { // Ignore } } throw e; } // Load the previously unloaded active sessions synchronized (sessions) { try { Integer count = (Integer) ois.readObject(); int n = count.intValue(); if (log.isDebugEnabled()) log.debug("Loading " + n + " persisted sessions"); for (int i = 0; i < n; i++) { StandardSession session = getNewSession(); session.readObjectData(ois); session.setManager(this); sessions.put(session.getIdInternal(), session); session.activate(); if (!session.isValidInternal()) { // If session is already invalid, // expire session to prevent memory leak. session.setValid(true); session.expire(); } sessionCounter++; } } catch (ClassNotFoundException e) { log.error(sm.getString("standardManager.loading.cnfe", e), e); try { ois.close(); } catch (IOException f) { // Ignore } throw e; } catch (IOException e) { log.error(sm.getString("standardManager.loading.ioe", e), e); try { ois.close(); } catch (IOException f) { // Ignore } throw e; } finally { // Close the input stream try { ois.close(); } catch (IOException f) { // ignored } // Delete the persistent storage file if (file.exists() ) file.delete(); } } if (log.isDebugEnabled()) log.debug("Finish: Loading persisted sessions"); }