InternalSession.java revision 49e2c7ae84fa30c95b6f93d0f3c3e868dcdf52f3
/**
* DO NOT ALTER OR REMOVE COPYRIGHT NOTICES OR THIS HEADER.
*
* Copyright (c) 2005 Sun Microsystems Inc. All Rights Reserved
*
* The contents of this file are subject to the terms
* of the Common Development and Distribution License
* (the License). You may not use this file except in
* compliance with the License.
*
* You can obtain a copy of the License at
* See the License for the specific language governing
* permission and limitations under the License.
*
* When distributing Covered Code, include this CDDL
* Header Notice in each file and include the License file
* at opensso/legal/CDDLv1.0.txt.
* If applicable, add the following below the CDDL Header,
* with the fields enclosed by brackets [] replaced by
* your own identifying information:
* "Portions Copyrighted [year] [name of copyright owner]"
*
* $Id: InternalSession.java,v 1.21 2009/03/20 21:05:25 weisun2 Exp $
*
*/
/**
* Portions Copyrighted 2011-2013 ForgeRock Inc
*/
/**
* The <code>InternalSession</code> class represents a Webtop internal
* session. A session has four states: invalid, valid, inactive, and destroy.
* The initial state of a session is invalid. The following is the state diagram
* for a session:
* <pre>
* | | | V -------------<invalid> | | | | creation (authentication OK) | |
* |max login time | max idle time |destroy V ---------------> | <valid>
* <inactive> -- | | <-------------- | | | reactivate | | | | | | logout |
* destroy | | destroy | max session time | | max session time | | V |
* ------------> <destroy> <--------------------------
* </pre>
*
*/
// Debug should not be serialised.
// Session Service should not be serialised.
private transient SessionService ss;
/* user universal unique ID*/
/* Session Id (sid) */
/*Session type user or application */
private int sessionType;
/* Client ID for the internal session */
/* Client Domain for the internal session */
private String clientDomain;
/* maximum internal session time in minutes */
private long maxSessionTime;
/* maximum internal session idle time */
private long maxIdleTime; // in minutes
/*Maximum internal session cache time */
private long maxCachingTime; // in minutes
/* Internal session state INACTIVE, VALID,INVALID,DESTROYED*/
private int sessionState;
/** session properties LoginURL,Timeout, Host */
private Properties sessionProperties;
/** Flag indicates for session to expire at max timeout */
private boolean willExpireFlag;
/** Flag to indicate upgrading the session */
transient private boolean isSessionUpgrade = false;
/*
* The following object map is meant to be used to store the transient
* objects such as Auth related user properties (e.g. AuthContext and
* LoginState) within the InternalSession object. There are a few
* characteristics for this type of objects:
* - These objects and the corresponding interfaces are for internal use
* only. - These objects are "transient" objects which don't require
* persisency. In other words, they won't be saved into the session
* repository in the SFO case. - These object are not session properties
* since they are not meant to exposed to any client.
*/
/** holds session creation time */
private long creationTime; // in seconds
/** holds latest accesstime*/
private long latestAccessTime;// in seconds
transient private HttpSession httpSession;
private boolean isISStored = false;
.synchronizedMap(new HashMap());
.synchronizedMap(new HashMap());
private static String superUserDN;
/*
* This is the Time(seconds) when the session timedout. Value zero means the
* session has not timed out.
*/
private volatile long timedOutAt = 0;
/**
* Logical version timestamp used to implement optimistic concurrency
* control in shared session repository
*/
private long version = 0;
/*
* This is the maximum extra time for which the timed out sessions lives in
* the session server
*/
private static long purgeDelay;
/*
* session handle is used to prevent administrator from impersonating other
* users
*/
/** session property LoginURL */
/* Internal session time out property */
/* Internal session host property */
/* AM Internal session maximum idle time */
/* session property: SAML2IDPSessionIndex */
private static final String SAML2_IDP_SESSION_INDEX =
"SAML2IDPSessionIndex";
/** AM User Universal Identifier Property*/
protected static final String UNIVERSAL_IDENTIFIER =
"sun.am.UniversalIdentifier";
private static final String LOG_MSG_SESSION_MAX_LIMIT_REACHED =
"SESSION_MAX_LIMIT_REACHED";
/* Time interval, if the current time minus lastest access time is
greater than this time interval. In SFO mode, the session record
will get refreshed in data repository.*/
"com.sun.identity.session.interval", "10"));
private volatile boolean reschedulePossible;
/*
* default idle time for invalid sessions
*/
private static long maxDefaultIdleTime;
static {
"com.iplanet.am.session.invalidsessionmaxtime", 3);
.get("com.sun.identity.authentication.super.user");
}
/**
* Get the default property values set for invalid session , purge delay
* super user name etc
*/
.valueOf(defaultValue));
long propValue = 0;
try {
}
return propValue;
}
/*
* We introduce a mechanism to protect certain "core" or "internal"
* properties from updates via remote SetProperty method of the
* SessionService. Allowing remote self-updates to session properties leads
* to a security vulnerability which allows unconstrained user impersonation
* or privilege elevation. See bug # 4814922 for more information
*
* protectedProperties contains a set of property names which can not be
* remotely updated. It is initially populated using static initializer. We
* also implemented an extra safety mechanism intended to protect from
* accidental reopening of this security hole in the future if a property
* name changes or new property is introduced without corresponding update
* of the static hardcoded list of protected properties below. This
* mechanism automatically adds any property to protectedProperties if it is
* set via local invocation of putProperty.
*
* However, some properties (such as Locale and CharSet) must be settable
* both locally and remotely. In order to make it configurable we use a
* second table called remotelyUpdateableProperties. Note that
* protectedProperties takes precedence over remotelyUpdateableProperties:
* remotelyUpdateableProperties will be consulted only if a property is not
* on the protectedProperties list already.
*
* The following tables defines the behavior of putProperty() and
* putExternalProperty() depending on whether property name is present in
* protectedProperties or remotelyUpdateableProperty list
*
* protectedProperties remotelyUpdateableProperties putProperty()
* putExternalProperty()
*
* in n/a sets value logs, does nothing
*
* out in sets value sets value
*
* out out sets value and sets value adds to protectedProperty
*/
protected static Set protectedProperties;
static {
protectedProperties = new HashSet();
if (protectedPropertiesConfig != null) {
",");
while (st.hasMoreTokens()) {
}
}
}
}
/*
* The URL map for session events of THIS session only : SESSION_CREATION,
* IDLE_TIMEOUT, MAX_TIMEOUT, LOGOUT, REACTIVATION, DESTROY. Each URL in the
* map is associated with a set of token ids (master and potentially all of
* the restricted token ids associated with the master) that will be used in
* notification
*/
/**
* Creates an instance of the Internal Session with its key dependences exposed.
*
* Note: This InternalSession will be in an invalid state.
*
* @param sid Non null Session ID.
* @param service Non null SessionService.
* @param debug Debugging instance to use for all logging.
*/
sessionProperties = new Properties();
willExpireFlag = true;
}
/**
* Creates a new InternalSession with the given Session ID.
*
* Note: This InternalSession will be in an invalid state.
*
* @param sid SessionID Non null Session ID.
*/
}
/**
* Default constructor required for deserialisation.
*/
public InternalSession() {
}
/**
* Implements for TaskRunnable.
*
* @param headTask The HeadTask indicate the time to run this task.
*/
}
/**
* Implements for TaskRunnable.
*
* @return The long value indicates the time this task is scheduled.
*/
public long scheduledExecutionTime() {
synchronized (this) {
return headTask.scheduledExecutionTime();
}
}
return -1;
}
/**
* Implements for TaskRunnable.
*
* @return The HeadTask of this task.
*/
public HeadTaskRunnable getHeadTask() {
// no need to synchronize for single operation
return headTask;
}
/**
* Implements for TaskRunnable.
*
* @return The task previous to this one.
*/
public TaskRunnable previous() {
return previousTask;
}
/**
* Implements for TaskRunnable.
*
* @return The task next to this one.
*/
public TaskRunnable next() {
return nextTask;
}
/**
* Implements for TaskRunnable.
*
* @param task The task previous to this one.
*/
previousTask = task;
}
/**
* Implements for TaskRunnable.
*
* @param task The task next to this one.
*/
}
/**
* Implements for TaskRunnable.
*
* @return false since this class will not be used as container.
*/
return false;
}
/**
* Implements for TaskRunnable.
*
* @return false since this class will not be used as container.
*/
return false;
}
/**
* Implements for TaskRunnable.
*
* @return true since this class will not be used as container.
*/
public boolean isEmpty() {
return true;
}
/**
* Implements for GeneralTaskRunnable.
*
* @return -1 since it is not a periodic task.
*/
public long getRunPeriod() {
return -1;
}
/**
* The function to run when timeout.
*/
public void run() {
if (!isTimedOut()) {
} else {
long timeLeft = getTimeLeft();
if (timeLeft == 0) {
if (purgeDelay > 0) {
}
}
} else {
if (purgeDelay > 0) {
}
}
} else {
timeToWait) * 1000));
}
}
}
}
} else {
}
}
/**
* Cancel the scheduled run of this task from TimerPool.
*/
public void cancel() {
do {
if (oldHeadTask != null) {
if (oldHeadTask.acquireValidLock()) {
try {
if (oldHeadTask == headTask) {
if (!oldHeadTask.isTimedOut()) {
} else {
}
}
break;
}
} finally {
}
}
}
} while (oldHeadTask != headTask);
}
/**
* Schedule this task to TimerPool according to the current state.
*/
protected void reschedule() {
switch (sessionState) {
timeoutTime = (creationTime +
break;
break;
}
if (timeoutTime < scheduledExecutionTime()) {
cancel();
}
if (scheduledExecutionTime() == -1) {
}
}
}
/**
* Returns the SessionID of this Internal Session.
* @return SessionID for the internal session object
*/
return sessionID;
}
/**
* Returns the type of Internal Session.
* @return <code>0 </code> if it is a USER_SESSION
* <code>1 </code> if it s a APPLICATION_SESSION
*/
public int getType() {
return sessionType;
}
/**
* Set the type of Internal Session. User OR Application.
*
* @param type <code>0</code> for <code>USER_SESSION</code>.
* <code>1</code> for <code>APPLICATION_SESSION</code>.
*/
sessionType = type;
}
/**
* Returns Client ID, accessing this Internal Session.
*
* @return Client ID.
*/
public String getClientID() {
return clientID;
}
/**
* Sets Client ID for this Internal Session.
*
* @param id
*/
}
/**
* Returns the Domain of the Client
*
* @return Client Domain
*/
public String getClientDomain() {
return clientDomain;
}
/**
* Sets the Clieant's Domain.
*
* @param domain
* Client Domain
*/
}
/**
* Returns maximum time allowed for the Internal Session.
* @return the number of maximum minutes for the session
*/
public long getMaxSessionTime() {
return maxSessionTime;
}
/**
* Sets the maximum time(in minutes) allowed for the Internal Session
*
* @param t
* Maximum Session Time
*/
public void setMaxSessionTime(long t) {
boolean mayReschedule = false;
if (t < maxSessionTime) {
mayReschedule = true;
}
maxSessionTime = t;
reschedule();
}
}
/**
* Returns the maximum idle time(in minutes) for the Internal Session.
* @return the number maximum idle minutes
*/
public long getMaxIdleTime() {
return maxIdleTime;
}
/**
* Sets the maximum idle time(in minutes) for the Internal Session.
*
* @param t
*/
public void setMaxIdleTime(long t) {
boolean mayReschedule = false;
if (t < maxIdleTime) {
mayReschedule = true;
}
maxIdleTime = t;
if (httpSession != null) {
if (maxIdleTime > httpIdleTime) {
}
}
reschedule();
}
}
/**
* Returns the maximum caching time(in minutes) allowed for the Internal
* Session.
* @return Maximum Cache Time
*/
public long getMaxCachingTime() {
return maxCachingTime;
}
/**
* Sets the maximum caching time(in minutes) for the Internal Session.
*
* @param t
* Maximum Caching Time
*/
public void setMaxCachingTime(long t) {
maxCachingTime = t;
}
/**
* Returns the time(in seconds) for which the Internal Session has not been
* accessed.
* @return session idle time
*/
public long getIdleTime() {
return now - latestAccessTime;
}
/**
* Returns the total time left(in seconds) for the Internal Session.
* @return Time left for the internal session to be invalid
*/
public long getTimeLeft() {
if (left >= 0) {
return left;
} else {
return 0;
}
}
/**
* Returns the extra time left(in seconds) for the Internal Session after
* the session timed out.
* @return time remaining before purge. <code> -1 </code> if the session
*/
public long getTimeLeftBeforePurge() {
/**
* period.
*/
if (!isTimedOut()) {
return -1;
}
/**
* Return the extra time left, if the session has timed out due to
*/
}
/**
* @return <code>true</code> if the Internal session has timedout ,
* <code>false</code> otherwise
*/
public boolean isTimedOut() {
return timedOutAt != 0;
}
/**
* Returns the state of the Internal Session
* @return the session state can be VALID,INVALID,INACTIVE,DESTORYED
*/
public int getState() {
return sessionState;
}
/**
* Returns the value of the specified key from the internal object map.
*
* @param key
* the key whose associated value is to be returned
* @return internal object
*/
}
/**
* Removes the mapping for this key from the internal object map if present.
*
* @param key
* key whose mapping is to be removed from the map
*/
}
/**
* Sets the key-value pair in the internal object map.
*
* @param key with which the specified value is to be associated
* @param value to be associated with the specified key
*/
}
private Map getInternalObjectMap() {
if (internalObjects == null) {
internalObjects = new HashMap();
}
return internalObjects;
}
/**
* Returns the value of the specified key from the Internal Session property
* table.
*
* @param key
* Property key
* @return string value for the key from Internal Session table.
*/
}
/**
* Returns the Enumeration of property names of the Internal Session
* property table.
* @return list of properties in the Internal session table.
*/
public Enumeration getPropertyNames() {
return sessionProperties.propertyNames();
}
/**
* Helper method to check if a property is protected or not.
* @param key
* property name.
* @return true if property is protected else false.
*/
return true;
}
return false;
}
/**
* Sets the key-value pair in the InternalSession property table if it is
* not protected. If it is protected client should have permission to set
* it. This method is to be used in conjuction with
* SessionRequestHandler/SessionService invocation path If the property is
* protected, an attempt to remotely set a protected property is logged and
* the method throws an Exception. Otherwise invocation is delegated to
* internalPutProperty()
*
* Note that package default access is being used
*
* @param clientToken
* Token of the client setting external property.
* @param key
* Property key
* @param value
* Property value for the key
* @exception SessionException is thrown if the key is protected property.
*
*/
throws SessionException {
try {
} catch (SessionException se) {
this, "SESSION_PROTECTED_PROPERTY_ERROR");
throw se;
}
if (DEBUG.messageEnabled()) {
+ " after validating client identity and permissions");
}
}
/**
* Sets the key-value pair in the Internal Session property table. This
* method should only be invoked locally by code running in the same server
* VM. Remote invocations should use putExternalProperty(). This is a simple
* wrapper around internalPutProperty(), which in addition calls to
* registerProtectedProperty() to make sure that if a property key is not
* already on the list of protected properties, it will be automatically
* added there (unless it is also on remotelyUpdateableProperties list!)
*
* @param key
* Property key
* @param value
* Property value for the key
*/
}
/**
* Sets the key-value pair in the Internal Session property table.
*
* @param key
* Property key
* @param value
* Property value for the key
*/
return;
}
if (isEnableHostLookUp) {
try {
} catch (UnknownHostException uhe) {
"InternalSession.internalputProperty():"
+ "Unable to get HostName for:" + value
+ " SessionException: ", uhe);
}
} else {
}
} else {
}
}
}
/**
* Sets the status of the isSessionUpgrade falg to which determines if the
* <code>Session</code> is in the upgrade state or not.
*
* @param value <code>true</code> if it is an upgrade
* <code>false</code> otherwise
*/
public void setIsSessionUpgrade(boolean value) {
}
/**
* Gets the status of the <code>Session</code> if is an upgrade state
*
* @return <code>true</code> if the session is in upgrade state
* <code>false</code> otherwise
*/
public boolean getIsSessionUpgrade() {
return isSessionUpgrade;
}
/**
* Sets the isISStored field.
* @param value <code>true</code> if the internal session is stored
* <code>false</code> otherwise
*/
public void setIsISStored(boolean value) {
boolean wasISStored = isISStored;
isISStored = value;
if (isISStored && !wasISStored) {
}
}
/**
* Returns the isISStored field
* return <code>true</code> if the internal session is stored
* <code>false</code> otherwise
*/
public boolean getIsISstored() {
return isISStored;
}
/*
* The session quota checking will be bypassed if:
* (1) the login user is the super user (not including users assigned the top level admin role), or
* (2) the token is an application token (e.g. Agent)
*/
boolean ignore = false;
// FIXME Is this initialization necessary?
if (SessionService.getSessionService().
ignore = true;
}
return ignore;
}
/**
* Changes the state of the session to ACTIVE after creation.
* @param userDN
* @return <code> true </code> if the session is successfully activated
* after creation , <code>false</code> otherwise
*/
// throws SessionConstraintException {
return false;
}
// Exceeded max active sessions, but allow if the user is super-admin
return false;
}
// need to set the uuid first
setUUID();
// checking Session Quota Constraints
if (SessionConstraint.checkQuotaAndPerformAction(this)) {
if (DEBUG.messageEnabled()) {
+ "exhausted!");
}
return false;
}
}
if (reschedulePossible) {
reschedule();
}
}
return true;
}
/**
* Sets the User Universal ID
*
*/
public void setUUID() {
}
/**
* Gets the User Universal ID
* @return UUID
*/
return uuid;
}
/**
* Changes the state of the session to ACTIVE from IN-ACTIVE.
*/
public void reactivate() {
cancel();
reschedule();
}
/**
* Sets the willExpireFlag. This flag specify that whether the session will
* ever expire or not.
*
* @param expire <code>true</code> will the set internal session to expire
*/
if (expire == false) {
cancel();
}
}
/**
* Checks the invalid session idle time. If this session is invalid and idle
* for more than 3 minutes, we will need to remove it from the session table
*
* @return <code>true</code> if the max default idle time expires
*/
private boolean checkInvalidSessionDefaultIdleTime() {
if (left >= 0) {
return false;
} else {
return true;
}
}
/**
* Checks whether the sesion should be destroyed or not.
*/
boolean shouldDestroy() {
if (willExpireFlag == false) {
return false;
}
if (!isTimedOut()) {
if (checkInvalidSessionDefaultIdleTime()) {
return true;
} else {
return false;
}
}
if (getTimeLeft() == 0) {
return false;
}
return false;
}
return false;
} else {
// do something special for the timed out sessions
if (getTimeLeftBeforePurge() <= 0) {
// destroy the session
return true;
} else {
return false;
}
}
}
/**
* Changes the state of the session and sends Session Notification when
* session times out.
*/
private void changeStateAndNotify(int eventType) {
if(purgeDelay == 0) {
return;
}
}
trimSession();
}
}
/**
* Transfers the info about the Internal Session to Session Info.
* @return SessionInfo
*/
public SessionInfo toSessionInfo() {
}
if (willExpireFlag == true) {
} else {
// Sessions such as authentication session will never be destroyed
}
}
return info;
}
/**
* Sets the last time the client sent a request associated with this
* session, as the number of seconds since midnight January 1, 1970 GMT.
*/
void setLatestAccessTime() {
long oldLatestAccessTime = latestAccessTime;
}
}
/**
* Sets the state of the Internal Session.
*
* @param state
*/
}
/**
* Returns the URL of the Session events and the associated master and
* restricted token ids
* @return Map of session event URLs
*/
return sessionEventURLs;
}
/**
* Returns the value of willExpireFlag.
*
*/
boolean willExpire() {
return willExpireFlag;
}
/**
* Determine whether it is an application session
*/
boolean isAppSession() {
}
/**
* Sets the creation time of the Internal Ssession, as the number of seconds
* since midnight January 1, 1970 GMT.
*/
public void setCreationTime() {
if (httpSession != null) {
} else {
}
}
/**
* add new restricted token pointing at the same session to the list
*/
}
}
}
Object[] getRestrictedTokens() {
}
/**
* Encodes the url by adding the cookiename=sid to it. if cookie support is
* true returns without encoding
* @param res HttpServletResponse
* @param url url to be encoded
* @return encoded URL
*/
}
/**
* Encodes the url by adding the cookiename=sid to it.
* if cookie support is true returns without encoding
* @param res HttpServletResponse
* @param url url to be encoded
* @param cookieName
* @return url
*/
String cookieName) {
}
/**
* Encodes the url by adding the cookiename=sid to it. if cookie support is
* true returns without encoding
*
* <p>
* The cookie Value is written in the URL based on the encodingScheme
* specified. The Cookie Value could be written as path info separated by
* either a "/" OR ";" or as a query string.
*
* <p>
* If the encoding scheme is SLASH then the cookie value would be written in
* the URL as extra path info in the following format:
* <pre>
* protocol://server:port/servletpath/<cookieName>=<cookieValue>?
* queryString
*</pre>
* <p>
* Note that this format works only if the path is a servlet, if a a jsp
* file is specified then webcontainers return with "File Not found" error.
* To rewrite links which are JSP files with cookie value use the SEMICOLON
* OR QUERY encoding scheme.
*
* <p>
* If the encoding scheme is SEMICOLON then the cookie value would be
* written in the URL as extra path info in the following format:
* <pre>
* </pre>
* Note that this is not supported in the servlet specification and some web
* containers do not support this.
*
* <p>
* If the encoding scheme is QUERY then the cookie value would be written in
* the URL in the following format:
* <pre>
* </pre>
* <p>
* This is the default and OpenSSO always encodes in this format
* unless otherwise specified. If the URL passed in has query parameter then
* entity escaping of ampersand will be done before appending the cookie if
* the escape is true. Only the ampersand before appending cookie parameter
* will be entity escaped.
* <p>
*
* @param url the URL to be encoded.
* @param encodingScheme possible values are <code>QUERY</code>,
* <code>SLASH</code>, <code>SEMICOLON</code>.
* @param escape entity escaping of ampersand when appending the SSOToken
* ID to request query string.
* @return encoded URL with cookie value (session ID) based on the encoding
* scheme or the url itself if there is an error.
*/
}
/**
* Encodes the url by adding the cookiename=sid to it.
* if cookie support is true returns without encoding
*
* <p>
* The cookie Value is written in the URL based on the encodingScheme
* specified. The Cookie Value could be written as path info separated
* by either a "/" OR ";" or as a query string.
*
* <p>
* If the encoding scheme is SLASH then the cookie value would be
* written in the URL as extra path info in the following format:
* <pre>
* protocol://server:port/servletpath/<cookieName>=<cookieValue>?
* queryString
* </pre>
* <p>
* Note that this format works only if the path is a servlet, if a
* a jsp file is specified then webcontainers return with
* "File Not found" error. To rewrite links which are JSP files with
* cookie value use the SEMICOLON OR QUERY encoding scheme.
*
* <p>
* If the encoding scheme is SEMICOLON then the cookie value would be
* written in the URL as extra path info in the following format:
* <pre>
* </pre>
* Note that this is not supported in the servlet specification and
* some web containers do not support this.
*
* <p>
* If the encoding scheme is QUERY then the cookie value would be
* written in the URL in the following format:
* <pre>
* </pre>
* <p>
* This is the default and OpenSSO always encodes in this format
* unless otherwise specified. If the URL passed in has query parameter then
* entity escaping of ampersand will be done before appending the cookie
* if the escape is true. Only the ampersand before appending
* cookie parameter
* will be entity escaped.
* <p>
* @param url the url to be encoded
* @param encodingScheme possible values are QUERY,SLASH,SEMICOLON
* @param escape entity escaping of ampersand when appending the
* SSOToken ID to request query string.
* @param cookieName
* @return encoded URL with cookie value (session id) based
* on the encoding scheme or the url itself if there is an error.
*/
String cookieName) {
if (DEBUG.messageEnabled()) {
}
} else { // cookie str not set so call encodeURL
}
}
}
if (DEBUG.messageEnabled()) {
+ "Session: url: " + encodedURL);
}
return encodedURL;
}
/**
* Returns true if cookies are supported.
*
* @return true if cookie supported;
*/
private boolean getCookieSupport() {
boolean cookieSupport = false;
try {
} else if (this.cookieMode != null) {
}
"Error getting cookieSupport value: ", ex);
cookieSupport = true;
}
if (DEBUG.messageEnabled()) {
+ cookieSupport);
}
return cookieSupport;
}
/**
* Sets the HttpSession into the Internal Session.
*
* @param hSession
*/
}
/**
* Returns the HttpSession stored in the Internal Session.
*/
return (httpSession);
}
/**
* Update for the session failover
*
*/
protected void updateForFailover() {
&& isISStored) {
isISStored = false;
} else {
}
}
}
/**
* Incase of session timeout the session is trimmed to reduce the memory
* overhead. Even if the session lives in the server for the extra time out
* period, the memory is not abused. Instance variables preserved are, 1)
* sessionID 2) timedOutAt 3) clientID 4) purgeDelay 5)
* sessionProperties(loginURL/SessionTimedOut/AM_CTX_ID/SAML2IDPSessionIndex)
* 6) sessionEventURLs 7) sessionState All other instance variables are
* cleaned to save memory.
*/
private void trimSession() {
clientDomain = null;
// Clean Session Properties
if (sessionTimedOut != null)
}
if (idpSessionIndex != null) {
}
}
/**
* set the cookieMode based on whether the request has cookies or not. This
* method is called from createSSOToken(request) method in SSOTokenManager.
*
* @param cookieMode ,
* Boolean value whether request has cookies or not.
*/
if (cookieMode != null) {
this.cookieMode = cookieMode;
}
}
this.sessionHandle = sessionHandle;
}
return sessionHandle;
}
/**
* Sets logical version timestamp value
*
* @param version
* version value
*/
public void setVersion(long version) {
}
/**
* Returns logical version timestamp value
*
* @return version value
*/
public long getVersion() {
return version;
}
/**
* Computes session object expiration time as smallest of idle limit or
* session maximum lifetime limit adjusted by purgeDelay
* Time value is in seconds and uses the same epoch start as
* System.currentTimeMillis()
* @return session expiration time
*/
public long getExpirationTime() {
if (timeLeft == 0) {
}
}
/**
* Correctly read and reschedule this session when it is read.
*/
if (willExpireFlag) {
if (!isTimedOut()) {
long expectedTime = creationTime +
(maxDefaultIdleTime * 60);
1000));
}
} else {
}
} else {
long timeLeft = getTimeLeft();
if (timeLeft == 0) {
}
} else {
if (idleTimeLeft <= 0 &&
}
} else {
timeToWait) * 1000));
}
}
}
}
} else {
1000));
}
} else {
}
}
}
}
}