Package org.forgerock.openig.session.cookie

Class LocalSessionStore

  • All Implemented Interfaces:
    Closeable, AutoCloseable
    public class LocalSessionStore
extends Object
implements Closeable
    An implementation of an in-memory session store.

    This store makes sure the given session is a copy of the original session object in order to avoid a situation where 2 concurrent requests edit the same session leading to an unexpected behaviour for the user. That also means that when a session is used by multiple requests, if they both modify the session content, only the session content (of the last save operation) is going to be "persisted".

    This store must be closed after use.

    • Constructor Detail

      • LocalSessionStore

        public LocalSessionStore​(Duration idleTimeout,
                         Clock clock)
        Create an instance of a LocalSessionStore.
        Parameters:
        idleTimeout - the Idle timeout of sessions
        clock - the Clock to use

    • Method Detail

      • getSession

        public Optional<org.forgerock.openig.session.cookie.TrackedSession> getSession​(String sessionId)
        Retrieve the session from the session store.

        The session retrieved is a copy of the stored session, so it must be saved back into the store after use.

        Parameters:
        sessionId - The session ID to look for.
        Returns:
        the session when found, otherwise an empty Optional.

      • saveSession

        public void saveSession​(org.forgerock.openig.session.cookie.TrackedSession session)
        Save the session into the session store. Will replace existing session with the same ID if any.

        This method will compute a session ID if the session has no session ID already. This computation impacts the performances and thus must be done lazily.

        Parameters:
        session - The session to save.

      • createNewSession

        public org.forgerock.openig.session.cookie.TrackedSession createNewSession()
        Create a new session.

        A newly created session has no ID (ie: TrackedSession.id() returns null). This is for performance reasons: computing an ID takes time, so we must only do this computation when we know the session will actually be saved.

        Returns:
        The new session.