Package org.apache.wicket

Class Session

  • All Implemented Interfaces:
    Serializable, IEventSink, IFeedbackContributor, IMetadataContext<Serializable,​Session>, IClusterable
    Direct Known Subclasses:
    WebSession
    public abstract class Session
extends Object
implements IClusterable, IEventSink, IMetadataContext<Serializable,​Session>, IFeedbackContributor
    Holds information about a user session, including some fixed number of most recent pages (and all their nested component information).
    • Access - the Session can be retrieved either by Component.getSession() or by directly calling the static method Session.get(). All classes which extend directly or indirectly WebMarkupContainer can also use its convenience method WebMarkupContainer.getWebSession()
    • Locale - A session has a Locale property to support localization. The Locale for a session can be set by calling setLocale(Locale). The Locale for a Session determines how localized resources are found and loaded.
    • Style - Besides having an appearance based on locale, resources can also have different looks in the same locale (a.k.a. "skins"). The style for a session determines the look which is used within the appropriate locale. The session style ("skin") can be set with the setStyle() method.
    • Resource Loading - Based on the Session locale and style, searching for resources occurs in the following order (where sourcePath is set via the ApplicationSettings object for the current Application, and style and locale are Session properties):
      1. [sourcePath]/name[style][locale].[extension]
      2. [sourcePath]/name[locale].[extension]
      3. [sourcePath]/name[style].[extension]
      4. [sourcePath]/name.[extension]
      5. [classPath]/name[style][locale].[extension]
      6. [classPath]/name[locale].[extension]
      7. [classPath]/name[style].[extension]
      8. [classPath]/name.[extension]
    • Session Properties - Arbitrary objects can be attached to a Session by installing a session factory on your Application class which creates custom Session subclasses that have typesafe properties specific to the application (see Application for details). To discourage non-typesafe access to Session properties, no setProperty() or getProperty() method is provided. In a clustered environment, you should take care to call the dirty() method when you change a property on your own. This way the session will be reset again in the http session so that the http session knows the session is changed.
    • Class Resolver - Sessions have a class resolver ( IClassResolver) implementation that is used to locate classes for components such as pages.
    • Page Factory - A pluggable implementation of IPageFactory is used to instantiate pages for the session.
    • Removal - Pages can be removed from the Session forcibly by calling clear(), although such an action should rarely be necessary.
    • Flash Messages - Flash messages are messages that are stored in session and are removed after they are displayed to the user. Session acts as a store for these messages because they can last across requests.
    Author:
    Jonathan Locke, Eelco Hillenius, Igor Vaynberg (ivaynberg)
    See Also:
    Serialized Form

    • Constructor Detail

      • Session

        public Session​(Request request)
        Constructor. Note that RequestCycle is not available until this constructor returns.
        Parameters:
        request - The current request

    • Method Detail

      • exists

        public static boolean exists()
        Checks existence of a Session associated with the current thread.
        Returns:
        true if get() can return the instance of session, false otherwise

      • get

        public static Session get()
        Returns session associated to current thread. Always returns a session during a request cycle, even though the session might be temporary
        Returns:
        session.

      • isRtlLanguage

        public static boolean isRtlLanguage​(Locale locale)
        Check if a BCP 47 / III language code indicates an RTL (right-to-left) language, i.e. either: - a language code explicitly specifying one of the right-to-left scripts, e.g. "az-Arab", or

        - a language code specifying one of the languages normally written in a right-to-left script, e.g. "fa" (Farsi), except ones explicitly specifying Latin or Cyrillic script (which are the usual LTR (left-to-right) alternatives).

        The list of right-to-left scripts appears in the 100-199 range in, of which Arabic and Hebrew are by far the most widely used. We also recognize Thaana, N'Ko, and Tifinagh, which also have significant modern usage. The rest (Syriac, Samaritan, Mandaic, etc.) seem to have extremely limited or no modern usage and are not recognized. The languages usually written in a right-to-left script are taken as those with Suppress-Script: Hebr|Arab|Thaa|Nkoo|Tfng, as well as Sindhi (sd) and Uyghur (ug). The presence of other subtags of the language code, e.g. regions like EG (Egypt), is ignored.

        Parameters:
        locale - - locale to check
        Returns:
        true in case passed locale is right-to-left

      • bind

        public final void bind()
        Force binding this session to the application's session store if not already done so.

        A Wicket application can operate in a session-less mode as long as stateless pages are used. Session objects will be then created for each request, but they will only live for that request. You can recognize temporary sessions by calling isTemporary() which basically checks whether the session's id is null. Hence, temporary sessions have no session id.

        By calling this method, the session will be bound (made not-temporary) if it was not bound yet. It is useful for cases where you want to be absolutely sure this session object will be available in next requests. If the session was already bound ( returns a session), this call will be a noop.

      • clear

        public final void clear()
        Removes all pages from the session. Although this method should rarely be needed, it is available (possibly for security reasons).

      • error

        public final void error​(Serializable message)
        Registers an error feedback message for this session
        Specified by:
        error in interface IFeedbackContributor
        Parameters:
        message - The feedback message

      • fatal

        public final void fatal​(Serializable message)
        Registers an fatal feedback message for this session
        Specified by:
        fatal in interface IFeedbackContributor
        Parameters:
        message - The feedback message

      • debug

        public final void debug​(Serializable message)
        Registers an debug feedback message for this session
        Specified by:
        debug in interface IFeedbackContributor
        Parameters:
        message - The feedback message

      • getApplication

        public final Application getApplication()
        Get the application that is currently working with this session.
        Returns:
        Returns the application.

      • getClientInfo

        public abstract ClientInfo getClientInfo()
        Gets the client info object for this session. This method lazily gets the new agent info object for this session. It uses any cached or set (setClientInfo(ClientInfo)) client info object.
        Returns:
        the client info object based on this request

      • getId

        public final String getId()
        Gets the unique id for this session from the underlying SessionStore. May be null if a concrete session is not yet created.
        Returns:
        The unique id for this session or null if it is a temporary session

      • getLocale

        public Locale getLocale()
        Get this session's locale.
        Returns:
        This session's locale

      • getSizeInBytes

        public final long getSizeInBytes()
        Returns:
        Size of this session

      • info

        public final void info​(Serializable message)
        Registers an informational feedback message for this session
        Specified by:
        info in interface IFeedbackContributor
        Parameters:
        message - The feedback message

      • invalidate

        public void invalidate()
        Invalidates this session at the end of the current request. If you need to invalidate the session immediately, you can do this by calling invalidateNow(), however this will remove all Wicket components from this session, which means that you will no longer be able to work with them.

      • invalidateNow

        public void invalidateNow()
        Invalidates this session immediately. Calling this method will remove all Wicket components from this session, which means that you will no longer be able to work with them.

      • isSessionInvalidated

        public final boolean isSessionInvalidated()
        Whether the session is invalid now, or will be invalidated by the end of the request. Clients should rarely need to use this method if ever.
        Returns:
        Whether the session is invalid when the current request is done
        See Also:
        invalidate(), invalidateNow()

      • isTemporary

        public final boolean isTemporary()
        Whether this session is temporary. A Wicket application can operate in a session-less mode as long as stateless pages are used. If this session object is temporary, it will not be available on a next request.
        Returns:
        Whether this session is temporary (which is the same as it's id being null)

      • setClientInfo

        public final Session setClientInfo​(ClientInfo clientInfo)
        THIS METHOD IS NOT PART OF THE WICKET PUBLIC API. DO NOT CALL IT.

        Sets the client info object for this session. This will only work when getClientInfo() is not overridden.

        Parameters:
        clientInfo - the client info object

      • setLocale

        public Session setLocale​(Locale locale)
        Set the locale for this session.
        Parameters:
        locale - New locale

      • isRtlLocale

        public boolean isRtlLocale()
        Method to determine if language of current locale is RTL (right-to-left) or not
        Returns:
        true if language of session locale is RTL (right-to-left), false otherwise

      • setStyle

        public final Session setStyle​(String style)
        Set the style (see Session).
        Parameters:
        style - The style to set.
        Returns:
        the Session object

      • warn

        public final void warn​(Serializable message)
        Registers a warning feedback message for this session
        Specified by:
        warn in interface IFeedbackContributor
        Parameters:
        message - The feedback message

      • endRequest

        public void endRequest()
        End the current request.

      • detach

        public void detach()
        Any detach logic for session subclasses. This is called on the end of handling a request, when the RequestCycle is about to be detached from the current thread.

      • internalDetach

        public void internalDetach()
        NOT PART OF PUBLIC API, DO NOT CALL Detaches internal state of Session

      • dirty

        public final void dirty()
        Marks session state as dirty so that it will be (re)stored in the ISessionStore at the end of the request. Note: binds the session if it is temporary

      • dirty

        public final void dirty​(boolean forced)
        Marks session state as dirty so that it will be re-stored in the ISessionStore at the end of the request.
        Parameters:
        forced - A flag indicating whether the session should be marked as dirty even when it is temporary. If true the Session will be bound.

      • getAttribute

        public final Serializable getAttribute​(String name)
        Gets the attribute value with the given name
        Parameters:
        name - The name of the attribute to store
        Returns:
        The value of the attribute

      • removeAttribute

        public final void removeAttribute​(String name)
        Removes the attribute with the given name.
        Parameters:
        name - the name of the attribute to remove

      • setAttribute

        public final Session setAttribute​(String name,
                                  Serializable value)
        Adds or replaces the attribute with the given name and value.
        Parameters:
        name - The name of the attribute
        value - The value of the attribute

      • nextSequenceValue

        public int nextSequenceValue()
        Retrieves the next available session-unique value
        Returns:
        session-unique value

      • nextPageId

        public int nextPageId()
        Returns:
        the next page id

      • onInvalidate

        public void onInvalidate()
        A callback method that is executed when the user session is invalidated either by explicit call to invalidate() or due to HttpSession expiration.

        In case of session expiration this method is called in a non-worker thread, i.e. there are no thread locals exported for the Application, RequestCycle and Session. The Session is the current instance. The Application can be found by using Application.get(String). There is no way to get a reference to a RequestCycle

      • changeSessionId

        public void changeSessionId()
        Change the id of the underlying (Web)Session if this last one is permanent.

        Call upon login to protect against session fixation.

        See Also:
        "http://www.owasp.org/index.php/Session_Fixation"

      • generateNewSessionId

        protected abstract String generateNewSessionId()
        Change the id of the underlying (Web)Session.
        Returns:
        the new session id value.