com.ibm.websphere.servlet.session
Interface IBMSession

All Superinterfaces:
java.io.Externalizable, javax.servlet.http.HttpSession, java.io.Serializable

public interface IBMSession
extends javax.servlet.http.HttpSession, java.io.Externalizable

The IBMSession interface extends the HttpSession interface of the Servlet API to

  • allow the session to be maintained in a cluster (vio object serialization)
  • provide a measure of security for when a servlet attempts to access a session
  • allow customer control of the WebSphere concept of a HttpSession transaction in a clustered, database mode of operation With regards to security, WebSphere Application Server maintains the notion of an authenticated or unauthenticated owner of a session. A session owned by an unauthenticated user (which we internally denote via the user name of "anonymous"), then a servlet operating under the credentials of any user can access the session. However, if the session is marked as being owned by an authenticated user (where the user name is provide by the WebSphere Security API's and management), then a servlet must be operating under the credentials of the same user in order for WebSphere to return the requested session to the servlet. A session gets denoted one time with the first authenticated user name seen by the Application Server while processing the session. This can either happen if the user has already been authenticated on the Http Request which leads to the creation of the session, or it can happen on the first authenticated user name seen after an "anonymous" session is created. With regard the WebSphere HttpSession transactions in a database environment, by default, the WebSphere runtime updates any changes to a given HttpSession and unlocks the session after the completion of the service method. Via configuration options in the WebSphere runtime, you can turn this off and then control when a servlets updates to a session are sent to the database (and when the session is unlocked) via explicit call to the sync method.


    Method Summary
     java.lang.String getUserName()
               
     boolean isOverflow()
               
     void sync()
               
     
    Methods inherited from interface javax.servlet.http.HttpSession
    getAttribute, getAttributeNames, getCreationTime, getId, getLastAccessedTime, getMaxInactiveInterval, getSessionContext, getValue, getValueNames, invalidate, isNew, putValue, removeAttribute, removeValue, setAttribute, setMaxInactiveInterval
     
    Methods inherited from interface java.io.Externalizable
    readExternal, writeExternal
     

    Method Detail

    getUserName

    public java.lang.String getUserName()

    sync

    public void sync()

    isOverflow

    public boolean isOverflow()